Foreword

This book is based on the author's lectures on the theory of processes for
students of the Faculty of Mathematics and Mechanics and the Faculty of
Computational Mathematics and Cybernetics of Moscow State University.

The book gives a detailed exposition of the basic concepts and results of the
theory of processes. The presentation of theoretical concepts and results is
accompanied by illustrations of their application to various problems of
verification of processes. Some of these examples are taken from the
books [89] and [92].

Along with well-known results, the book presents the author's results
related to verification of processes with message passing, and gives
examples of the application of these results.

Chapter 1
Introduction

1.1 A subject of theory of processes

The theory of processes is a branch of the mathematical theory of systems
which studies mathematical models of the behavior of dynamic systems, called
processes.

Informally, a process is a model of a behavior, which performs actions. 
Such actions may be, for example 

• reception or transmission of any objects, or 

• transformation of these objects. 

The main advantages of the theory of processes as a mathematical apparatus
designed for modeling and analysis of dynamic systems are as follows.

1. The apparatus of the theory of processes is well suited for formal
description and analysis of the behavior of distributed dynamic systems,
i.e. systems which consist of several interacting components with the
following properties:

• all these components work in parallel, and

• interaction of these components occurs by sending signals or messages
from one component to another.

The most important example of a distributed dynamic system is a
computer system. In this system

(a) one class of components is determined by the set of computer programs
that are executed in this system,

(b) another class of components is associated with the hardware platform
on which the computer programs are executed,

(c) a third class of components represents the set of information resources
(databases, knowledge bases, electronic libraries, etc.) which
are used for the operation of this system, and

(d) a class of components associated with the human factor can also be
taken into account.

2. Methods of the theory of processes make it possible to analyse, with
acceptable complexity, models with very large and even infinite sets of
states. This is possible due to the methodology of symbolic transformation
of expressions which are symbolic representations of processes.

The most important examples of models with an infinite set of states
are models of computer programs with variables whose domains
have very large size. In many cases, models of such programs can be
analyzed more easily if the domains of some variables in these models are
represented as infinite sets. For example, the domain of variables of the
type double is a finite set of real numbers, but this set is very large,
and in many cases it is expedient to replace this finite domain by the
infinite domain of all real numbers. In some cases a representation of
an analyzed program as a model with an infinite set of states greatly
simplifies reasoning about this program. An analysis of a model of
this program with a finite (but very large) set of states, using
methods based on explicit or symbolic representation of the set of states,
can have very high computational complexity, and in some cases a
replacement of

• the problem of analysing the original finite model

• by the problem of analysing the corresponding infinite model
by methods which are based on symbolic transformations of
expressions describing this model

can provide a substantial gain in computational complexity.

3. Methods of the theory of processes are well suited for investigation of
hierarchical systems, i.e. systems that have a multilevel structure.
Each component of such a system is considered as a subsystem, which,
in turn, may consist of several subcomponents. Each of these
subcomponents can interact

• with other subcomponents, and

• with higher-level systems.

The main sources of problems for the theory of processes, and the main
objects to which its results apply, are distributed computer systems.

The theory of processes can also be used for modeling and analysis of the
behavior of systems of a different nature, the most important examples of
which are organizational systems. These systems include

• enterprise performance management systems,

• state organizations,

• systems for organization of commercial processes (for example, management
systems for commercial transactions, auctions, etc.).

The processes relating to the behavior of such systems are called business
processes.

1.2 Verification of processes 

The most important class of problems that the theory of processes is
intended to solve is related to the problem of verification of processes.

The problem of verification of a process consists of constructing a
formal proof that the analyzed process has the required properties.

For many processes this problem is extremely important. For instance,
the safe operation of such systems as

• control systems of nuclear power stations,

• medical devices with computer control,

• on-board control systems of aircraft and spacecraft,

• control systems of secret databases,

• systems of e-business

is impossible without a satisfactory solution of the problem of verification
of correctness and security properties of such systems. A violation of these
properties in such systems may lead to significant damage to the economy
and to human security.

The exact formulation of the problem of verification consists of the
following parts.

1. Construction of a process P, which is a mathematical model of the behavior
of the analyzed system.

2. Representation of the inspected properties in the form of a mathematical
object S (called a specification).

3. Construction of a mathematical proof of the statement that the process
P satisfies the specification S.

1.3 Specification of processes 

A specification of a process is a description of properties of this
process in the form of some mathematical object.

An example of a specification is the requirement of reliability of data
transmission through an unreliable medium. It does not specify how exactly
this reliability should be ensured.

For example, the following objects can be used as a specification.

1. A logical formula which expresses a requirement for an analysed process.

For example, such a requirement may be a condition that if the process
has received some request, then the process will give a response to this
request after a specified time.

2. A representation of the analyzed process at a higher level of abstraction.

This type of specification can be used in multi-level design of processes:
for every level of design of a process, an implementation of
the process at this level can be considered as a specification for the
implementation of this process at the next level of design.

3. A reference process, which is assumed to have a
given property.

In this case, the problem of verification consists of constructing a
proof of equivalence of the reference process and the analysed process.

In the construction of specifications the following principles should be
followed.

1. A property of a process can be expressed in different specification
languages (SL), and

• in one SL it can be expressed in a simple form, and

• in another SL it can be expressed in a complex form.

For example, a specification that describes the relationship between input
and output values for a program that computes the decomposition of
an integer into prime factors has

• a complex form in the language of predicate logic, but

• a simple form if this specification is expressed in the form of a
standard program.

Therefore, for representation of properties of processes in the form of
specifications it is important to choose the most appropriate SL, which
allows this specification to be written in the clearest and simplest form.

2. If a property of a process was initially expressed in a natural language,
then in translating this property into a corresponding formal specification
it is important to ensure consistency between

• the natural-language description of this property, and

• its formal specification,

because if this condition is not met, the results of verification
will be meaningless.

Chapter 2

The concept of a process

2.1 Representation of behavior of dynamic
systems in the form of processes

One possible method of mathematical modeling of the behavior of dynamic
systems is to present the behavior of these systems in the form of processes.

A process usually does not take into account all details of the behavior of
an analyzed system.

A behavior can be represented by different processes reflecting

• different degrees of abstraction in the model of this behavior, and

• different levels of detail of the actions executable by the system.

If the purpose of constructing a process for representation of the behavior
of a system is to check properties of this behavior, then the choice of the
level of detail of the system's actions must depend on the analyzed
properties. The construction of a process for representation of the behavior
of an analyzed system should take into account the following principles.

1. A description of the process should not be excessively detailed,
because excessive complexity of this description can cause significant
computational problems in formal analysis of this process.

2. A description of the process should not be overly simplistic: it should

• reflect those aspects of the behavior of the simulated system that
are relevant to the analyzed properties, and

• preserve all those properties of the behavior of this system that
are of interest for analysis,

because if this condition does not hold, then an analysis of such a
process will not make sense.

2.2 Informal concept of a process and
examples of processes

Before formulating a precise definition of a process, we give an informal
explanation of the concept of a process, and consider the simplest examples
of processes.

2.2.1 Informal concept of a process

As stated above, we understand a process as a model of the behavior of
a dynamic system at some level of abstraction.

A process can be thought of as a graph P, whose components have the
following meaning.

• Nodes of the graph P are called states and represent situations (or
classes of situations) in which the simulated system can be at different
times of its functioning.

One of the states is selected; it is called the initial state of the process
P.

• Edges of the graph P have labels. These labels represent actions
which may be executed by the simulated system.

• An execution of the process P is described by a walk along the
edges of the graph P from one state to another. The execution starts
from the initial state.

The label of each edge represents the action of the process executed during
the transition from the state at the beginning of the edge to the state
at its end.

2.2.2 An example of a process

As a first example of a process, consider a process representing the simplest
model of the behavior of a vending machine.
We shall assume that this machine has

• a coin acceptor, 

• a button, and 

• a tray for output of goods. 

When a customer wants to buy a good, he 

• drops a coin into the coin acceptor, 

• presses the button 

and then the good appears in the tray. 

Assume that our machine sells chocolates for 1 coin each.
We describe the actions of this machine.

• On the initiative of the customer, the following actions may occur in
the machine:

— an input of a coin in the coin acceptor, and

— a pressing of the button.

• In response, the machine can perform a reaction: an output of a chocolate
on the tray.

Let us denote the actions by short names:

• an input of a coin we denote by in_coin,

• a pressing of the button by pr_but, and

• an output of a chocolate by out_choc.


Then the process of our vending machine has the following form: 




This diagram explains how the vending machine works:

• at first, the machine is in the state $s_0$; in this state the machine
expects an input of a coin in the coin acceptor

(the fact that the state $s_0$ is initial is shown in the diagram by a double
circle around the identifier of this state)

• when a coin appears, the machine goes to the state $s_1$ and waits for
the button to be pressed

• after the button is pressed the machine

— goes to the state $s_2$,

— outputs a chocolate, and

— returns to the state $s_0$.

2.2.3 Another example of a process

Consider a more complex example of a vending machine, which differs from
the previous one in that it sells two types of goods: tea and coffee, where
the cost of tea is 1 ruble and the cost of coffee is 2 rubles.

The machine has two buttons: one for tea, and another for coffee.

Buyers can pay with coins in denominations of 1 ruble and 2 rubles. These
coins will be denoted by the symbols coin_1 and coin_2, respectively.

If a customer drops a coin coin_1 into the coin acceptor, then he can only
buy a tea. If he drops a coin coin_2, then he can buy a coffee or two
teas. It is also possible to buy a coffee by dropping a couple
of coins coin_1 into the coin acceptor.

A process of such a vending machine has the following form:




For a formal definition of a process we must clarify the concept of an action.
This clarification is presented in section 2.3.

2.3 Actions 

To define a process P, which is a model of the behavior of a dynamic system,
a set Act(P) of actions which can be performed by the process P must be
specified.

We shall assume that the actions of all processes are elements of a certain
universal set Act of all possible actions that can be performed by any process,
i.e., for every process P

$$Act(P) \subseteq Act$$

The choice of the set Act(P) of actions of the process P depends on the
purpose of the modeling. In different situations, different sets of actions
may be chosen for a representation of a model of an analyzed system in the
form of a process.

We shall assume that the set Act of actions is subdivided into the following
3 classes.

1. Input actions, which are denoted by symbols of the form

$\alpha?$

The action $\alpha?$ is interpreted as an input of an object with the name
$\alpha$.

2. Output actions, which are denoted by symbols of the form

$\alpha!$

The action $\alpha!$ is interpreted as an output of an object with the name
$\alpha$.

3. Internal (or invisible) actions, which are denoted by the symbol $\tau$.

An action of the process P is said to be internal if this action is
not related to an interaction of this process with its environment,
i.e. with processes which are external with respect to the process P
and with which it can interact.

For example, an internal action can be due to an interaction of
components of P.

In fact, internal actions may be different, but we denote all of them by
the same symbol $\tau$. This reflects our desire not to distinguish between
internal actions, because they are not observable outside the process
P.

Let Names be the set of all names of all objects which can be used in input
or output actions. The set Names is assumed to be infinite.

The set Act of all actions which can be executed by processes is a disjoint
union of the form

$$Act = \{\alpha? \mid \alpha \in Names\} \cup \{\alpha! \mid \alpha \in Names\} \cup \{\tau\} \qquad (2.1)$$

Objects which can be used in input or output actions may have a different
nature (both material and non-material). For example, they may be

• material resources,

• people 

• money 

• information 

• energy 

• etc. 

In addition, the concepts of input and output can have a virtual
character, i.e. the words input and output may be used only as a metaphor,
while in reality no input or output of any real object occurs. Informally,
we consider a non-internal action of a process P as

• an input action, if this action was caused by a process from the
environment of P, and

• an output action, if it was caused by P.

For each name $\alpha \in Names$ the actions $\alpha?$ and $\alpha!$ are said to be
complementary.

We shall use the following notation.

1. For every action $a \in Act \setminus \{\tau\}$ the symbol $\overline{a}$ denotes the action
which is complementary to $a$, i.e.

$$\overline{\alpha?} \stackrel{\mathrm{def}}{=} \alpha!, \qquad \overline{\alpha!} \stackrel{\mathrm{def}}{=} \alpha?$$

2. For every action $a \in Act \setminus \{\tau\}$ the string $name(a)$ denotes the name
specified in the action $a$, i.e.

$$name(\alpha?) \stackrel{\mathrm{def}}{=} name(\alpha!) \stackrel{\mathrm{def}}{=} \alpha$$

For each subset $L \subseteq Act \setminus \{\tau\}$

• $\overline{L} \stackrel{\mathrm{def}}{=} \{\overline{a} \mid a \in L\}$

• $names(L) \stackrel{\mathrm{def}}{=} \{name(a) \mid a \in L\}$

2.4 Definition of a process

A process is a triple P of the form

$$P = (S, s^0, R) \qquad (2.2)$$

whose components have the following meanings.

• S is a set whose elements are called states of the process P.

• $s^0 \in S$ is a selected state, called the initial state of the process P.

• R is a subset of the form

$$R \subseteq S \times Act \times S$$

Elements of R are called transitions.

If a transition from R has the form $(s_1, a, s_2)$, then

— we say that this transition is a transition from the state $s_1$ to the
state $s_2$ with an execution of the action a,

— the states $s_1$ and $s_2$ are called the start and the end of this transition,
respectively, and the action a is called the label of this transition,
and

— sometimes, in order to improve readability, we will denote this
transition by the diagram

$$s_1 \xrightarrow{a} s_2 \qquad (2.3)$$

An execution of a process $P = (S, s^0, R)$ is a generation of a sequence
of transitions of the form



with an execution of actions $a_0, a_1, a_2, \ldots$, which are labels of these
transitions. At every step $i \geq 0$ of this execution

• the process P is in some state $s_i$ ($s_0 = s^0$),

• if there is at least one transition from R starting at $s_i$, then the process
P

— non-deterministically chooses a transition from R starting at $s_i$ and
labeled by an action $a_i$ which can be executed at the current time
(if there are no such transitions, then the process suspends until at
least one such transition appears),

— performs the action $a_i$, and then

— goes to the state $s_{i+1}$, which is the end of the selected transition,

• if R does not contain transitions starting at $s_i$, then the process
completes its work.

The symbol Act(P) denotes the set of all actions in $Act \setminus \{\tau\}$ which can
be executed by the process P, i.e.

$$Act(P) = \{a \in Act \setminus \{\tau\} \mid \exists\, (s_1 \xrightarrow{a} s_2) \in R\}$$

Process (2.2) is said to be finite if its components S and R are finite
sets.

A finite process can be represented graphically as a diagram, in which

• each state is represented by a circle in the diagram, and an identifier
of this state can be written in this circle,

• each transition is represented by an arrow connecting the start of this
transition with its end, and the label of this transition is written on this
arrow,

• the initial state is indicated in some way

(for example, instead of the usual circle, a double circle is drawn).

Examples of such diagrams are given in sections 2.2.2 and 2.2.3.

2.5 A concept of a trace 

Let $P = (S, s^0, R)$ be a process.

A trace of the process P is a finite or infinite sequence

$$a_1, a_2, \ldots$$

of elements of Act, such that there is a sequence of states of the process P

$$s_0, s_1, s_2, \ldots$$

with the following properties:

• $s_0$ coincides with the initial state $s^0$ of P,

• for each $i \geq 1$ the set R contains the transition

$$s_{i-1} \xrightarrow{a_i} s_i$$

The set of all traces of the process P is denoted by Tr(P).

2.6 Reachable and unreachable states 

Let P be a process of the form (2.2).

A state s of the process P is said to be reachable if $s = s^0$, or there is
a sequence of transitions of P having the form

$$s_0 \xrightarrow{a_1} s_1, \quad s_1 \xrightarrow{a_2} s_2, \quad \ldots, \quad s_{n-1} \xrightarrow{a_n} s_n$$

in which $n \geq 1$, $s_0 = s^0$ and $s_n = s$.

A state is said to be unreachable if it is not reachable.
It is easy to see that after removing all

• unreachable states from S, and

• transitions from R which contain these unreachable states

the resulting process P' (which is referred to as the reachable part of the
process P) will represent exactly the same behavior as is represented by the
process P. For this reason, we consider such processes P and P' as equal.
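
The definitions of sections 2.4 to 2.6, applied to the vending machine of section 2.2.2, as an added Python example (not code from the book). The tuple encoding of a process, the string "tau" for the internal action and the extra state s_dead are assumptions made for the illustration; since Tr(P) can be infinite, traces are enumerated only up to a length bound, and the empty trace (zero steps) is included.

```python
from collections import deque

TAU = "tau"  # assumed spelling of the internal action


def make_process(states, initial, transitions):
    """Build the triple (S, s0, R): s0 must be in S and R within S x Act x S."""
    S, R = frozenset(states), frozenset(transitions)
    if initial not in S:
        raise ValueError("initial state must belong to S")
    for (start, _action, end) in R:
        if start not in S or end not in S:
            raise ValueError("transition uses a state outside S")
    return (S, initial, R)


def act(p):
    """Act(P): labels of the transitions in R, the internal action excluded."""
    _S, _s0, R = p
    return {a for (_, a, _) in R} - {TAU}


def reachable_part(p):
    """The process P' of section 2.6: reachable states and their transitions."""
    _S, s0, R = p
    seen, queue = {s0}, deque([s0])
    while queue:
        s = queue.popleft()
        for (start, _a, end) in R:
            if start == s and end not in seen:
                seen.add(end)
                queue.append(end)
    kept = frozenset(t for t in R if t[0] in seen and t[2] in seen)
    return (frozenset(seen), s0, kept)


def traces(p, max_len):
    """All traces of P of length <= max_len, each as a tuple of actions."""
    _S, s0, R = p
    found = {()}
    frontier = {((), s0)}          # pairs (trace so far, current state)
    for _ in range(max_len):
        frontier = {(tr + (a,), end)
                    for (tr, s) in frontier
                    for (start, a, end) in R if start == s}
        found |= {tr for (tr, _s) in frontier}
    return found


# Vending machine of section 2.2.2, plus one constructed unreachable state.
VENDING = make_process(
    states={"s0", "s1", "s2", "s_dead"},
    initial="s0",
    transitions={
        ("s0", "in_coin", "s1"),
        ("s1", "pr_but", "s2"),
        ("s2", "out_choc", "s0"),
        ("s_dead", TAU, "s0"),     # constructed: cannot be reached from s0
    },
)

if __name__ == "__main__":
    core = reachable_part(VENDING)
    print("reachable states:", sorted(core[0]))
    print("Act(P):", sorted(act(VENDING)))
    print("same traces up to length 4:", traces(VENDING, 4) == traces(core, 4))
```

Removing s_dead changes neither Act(P) nor the bounded trace sets, which is the sense in which P and its reachable part are treated as equal.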

2.7 Replacement of states 

Let

• P be a process of the form (2.2),

• s be a state from S,

• s' be an arbitrary element which does not belong to the set S.

Denote by P' the process which is obtained from P by replacing s with s' in
the sets S and R, i.e. every transition in R of the form

$$s \xrightarrow{a} s_1 \quad \text{or} \quad s_1 \xrightarrow{a} s$$

is replaced by a transition



respectively.

As in the previous section, it is easy to see that P and P' represent the
same behavior, and for this reason we can consider such processes P and P'
as equal.

It is possible to replace not only one state, but an arbitrary subset of
states of the process P. Such a replacement can be represented as an
assignment of a bijection of the form

$$f : S \to S' \qquad (2.4)$$

and the result of such a replacement is by definition a process P' of the form

$$P' = (S', (s')^0, R') \qquad (2.5)$$

where

• $(s')^0 = f(s^0)$, and

• for each pair $s_1, s_2 \in S$ and each $a \in Act$

$$(s_1 \xrightarrow{a} s_2) \in R \quad \Leftrightarrow \quad (f(s_1) \xrightarrow{a} f(s_2)) \in R'.$$

Since the processes P and P' represent the same behavior, we can treat them
as equal.

In the literature on the theory of processes such processes P and P' are
sometimes said to be isomorphic. A bijection (2.4) with the above properties
is called an isomorphism between P and P'. The process P' is said to be
an isomorphic copy of the process P.

Chapter 3

Operations on processes

In this chapter we define several algebraic operations on the set of processes.

3.1 Prefix action

The first such operation is called a prefix action; this is a unary operation
denoted by "a.", where a is an arbitrary element of Act.
Let $P = (S, s^0, R)$ be a process and $a \in Act$.

Applying the operation a. to the process P results in the process which
has the following components:

• the set of states of a.P is obtained from S by adding a new state $s \notin S$,

• the initial state of a.P is the added state s,

• the set of transitions of a.P is obtained from R by adding a new transition
of the form

$$s \xrightarrow{a} s^0$$

The resulting process is denoted by

a.P

We illustrate the effect of this operation on the example of the vending
machine presented in section 2.2.2. Denote the process which represents the
behavior of this machine by $P_{vm}$.

Extend the set of actions of the vending machine by a new input action

enable?

which means an enabling of this machine.

The process $enable?.P_{vm}$ represents the behavior of the new vending
machine, which in the initial state can not

• accept coins,

• perceive pressing of the button, and

• output chocolates.

The only thing that it can do is to be enabled. After that, its behavior will
be no different from that of the original machine.

A graph representation of $enable?.P_{vm}$ has the following form:




3.2 Empty process 

Among all processes there is a simplest one. This process has
only one state and no transitions. To denote such a process we use the
constant (i.e. a 0-ary operation) 0.

Returning to the examples with vending machines, it can be said that the
process 0 represents the behavior of a broken vending machine, that is, a
machine which can not execute any action.

By applying the operation of prefix action to the process 0 it is possible
to define the behavior of more complex machines. Consider, for example, the
following process:

P = coin?.button?.chocolate!.0

A graph representation of this process is as follows:

[Diagram: a chain of transitions labeled coin?, button?, chocolate!]

This process defines the behavior of a vending machine which serves exactly
one customer, and then breaks.

3.3 Alternative composition 

The next operation on processes is a binary operation, which is called
alternative composition.

This operation is used in the case when, having a pair of processes $P_1$
and $P_2$, we must construct a process P which will operate

• either as the process $P_1$,

• or as the process $P_2$,

and the choice of the process according to which P will operate can be
determined

• either by P itself,

• or by the environment in which P operates.

For example, if $P_1$ and $P_2$ have the form

$$P_1 = \alpha?.P_1', \qquad P_2 = \beta?.P_2' \qquad (3.1)$$

and at the initial time the environment of P

• can give P the object $\alpha$, but

• can not give P the object $\beta$,

then P will choose the behavior which is the only one possible in this
situation, i.e. it will operate according to the process $P_1$.

Note that in this case the process chosen is the one whose first action
can be executed at the current time. After choosing $P_1$ and executing
the action $\alpha?$, the process P is obliged to continue its work according
to this choice, i.e. it will operate like $P_1'$. It is possible that after
execution of the action $\alpha?$

• P will not be able to execute any action, working in accordance with
$P_1'$,

• though at this time P would be able to execute an action, working in
accordance with $P_2'$.

But at this time P can not change its choice (i.e. can not choose $P_2'$
instead of $P_1'$). P can only wait until it is possible to work in accordance
with $P_1'$.

If at the initial time the environment can give P both $\alpha$ and $\beta$, then P
chooses the process according to which it will work

• non-deterministically (i.e., arbitrarily), or

• subject to some additional factors.

The exact definition of the operation of alternative composition is as
follows.

Let $P_1$ and $P_2$ be processes of the form

$$P_i = (S_i, s_i^0, R_i) \qquad (i = 1, 2)$$

and let the sets of states $S_1$ and $S_2$ have no common elements.

An alternative composition of the processes $P_1$ and $P_2$ is a process

$$P_1 + P_2 = (S, s^0, R)$$

whose components are defined as follows.

• S is obtained by adding to the union $S_1 \cup S_2$ a new state $s^0$, which is
the initial state of $P_1 + P_2$,

• R contains all transitions from $P_1$ and $P_2$, and

• for each transition in $R_i$ (i = 1, 2)



R contains the transition



If $S_1$ and $S_2$ have common elements, then to define the process $P_1 + P_2$ you
first need to replace those states in $S_2$ that are also in $S_1$ by new states,
and also modify $R_2$ and $s_2^0$ accordingly.

Consider, for example, a vending machine which sells two types of drinks,
cola and fanta, such that

• if a customer puts in a coin coin_1, then the machine issues a glass of
cola, and

• if a customer puts in a coin coin_2, then the machine issues a glass of
fanta,

and the machine breaks immediately after the sale of one glass of a drink.
The behavior of this machine is described by the following process:

$$P_{drink} = coin\_1?.cola!.0 + coin\_2?.fanta!.0 \qquad (3.2)$$

Consider a graph representation of process (3.2).
Graph representations of the terms in the sum (3.2) have the form




According to the definition of alternative composition, a graph
representation of process (3.2) is obtained by adding to the previous diagram
a new state and the corresponding transitions, resulting in the following
diagram:

Since the states $s_{10}$ and $s_{20}$ are unreachable, it is possible
to delete them and the transitions associated with them, resulting in the
diagram




which is the desired graph representation of process (3.2).
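
The operations of sections 3.1 to 3.3 used to build the process P_drink, as an added Python example (not code from the book). The tuple encoding, the helper names and the generated state identifiers are assumptions; the rule for a sum is assumed to be that every transition leaving the initial state of a summand is copied to the new initial state, which is what leaves the old initial states unreachable as the text describes.

```python
import itertools

_counter = itertools.count()


def fresh_state(used):
    """Return an identifier not in `used` (the 'new state' of 3.1 and 3.3)."""
    while True:
        s = f"q{next(_counter)}"
        if s not in used:
            return s


def nil():
    """The empty process 0: one state, no transitions."""
    s = fresh_state(set())
    return (frozenset({s}), s, frozenset())


def prefix(a, p):
    """a.P: a new initial state s and the single new transition s --a--> s0."""
    S, s0, R = p
    s = fresh_state(S)
    return (S | {s}, s, R | {(s, a, s0)})


def tag(p, i):
    """Isomorphic copy of P (section 2.7) whose states are the pairs (i, s)."""
    S, s0, R = p
    return (frozenset((i, s) for s in S), (i, s0),
            frozenset(((i, u), a, (i, v)) for (u, a, v) in R))


def alt(p1, p2):
    """P1 + P2, with both summands first renamed so their states are disjoint."""
    (S1, init1, R1), (S2, init2, R2) = tag(p1, 1), tag(p2, 2)
    s0 = fresh_state(S1 | S2)
    # Assumed rule: copy each transition leaving an old initial state to s0.
    copied = {(s0, a, v) for (u, a, v) in R1 | R2 if u in (init1, init2)}
    return (S1 | S2 | {s0}, s0, R1 | R2 | copied)


def orphan_states(p):
    """Non-initial states with no incoming transition; these are unreachable."""
    S, s0, R = p
    targets = {v for (_, _, v) in R}
    return {s for s in S if s != s0 and s not in targets}


def drop_states(p, dead):
    """Remove the states in `dead` and every transition that touches them."""
    S, s0, R = p
    kept = frozenset(t for t in R if t[0] not in dead and t[2] not in dead)
    return (S - dead, s0, kept)


def build_p_drink():
    """P_drink = coin_1?.cola!.0 + coin_2?.fanta!.0"""
    left = prefix("coin_1?", prefix("cola!", nil()))
    right = prefix("coin_2?", prefix("fanta!", nil()))
    return alt(left, right)


if __name__ == "__main__":
    p = build_p_drink()
    dead = orphan_states(p)           # the old initial states of the summands
    S, s0, R = drop_states(p, dead)
    print(len(p[0]), "states before,", len(S), "after")
    for t in sorted(R, key=repr):
        print(t)
```

The sum has 7 states and 6 transitions; deleting the two old initial states leaves 5 states and 4 transitions, with coin_1? and coin_2? as the only actions available in the initial state.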

Consider another example. We describe an exchange machine, which accepts
banknotes in denominations of 100 dollars. The machine shall issue

• either 2 banknotes of 50 dollars,

• or 10 banknotes of 10 dollars,

and the choice of the method of exchange is made regardless of the wishes of
the customer. Just after one session of exchange the machine breaks.

$$P_{exchange} = 1\_on\_1000?.(2\_on\_500!.0 + 10\_on\_100!.0)$$

These two examples show that the operation of alternative composition
can be used to describe at least two fundamentally different situations.

1. First, it can express a dependence of the behavior of a system on the
behavior of its environment.

For instance, in the case of the vending machine $P_{drink}$ the behavior of
the machine is determined by an action of the purchaser, namely by the
denomination of the coin which the purchaser puts into the machine.

In this case, the process representing the behavior of the simulated vending
machine is deterministic, i.e. its behavior is uniquely determined by
input actions.

2. Second, in the example of the machine $P_{exchange}$ we see that
different responses of the machine are possible for the same input action.

This is an example of nondeterminism, i.e. an uncertainty in the
behavior of a system.

Uncertainty in the behavior of systems can occur for at least two reasons.

(a) First, the behavior of systems may depend on random factors.
These factors can be, for example,

• failures in hardware,

• conflicts in a computer network,

• absence of banknotes of the required value at an ATM,

• or anything else.

(b) Second, a model is always some abstraction or simplification of a
real system, and some of the factors influencing the behavior of this
system may be excluded from consideration.

In particular, in the example of $P_{exchange}$ we see that the real reason for
choosing a variant of the behavior of the machine may not be taken into
account in the process which is a model of the behavior of this machine.

One can schematically represent the above variants of using alternative
composition as follows:

[Diagram: "Alternative composition" branches into "Dependence on the input
data" and "Nondeterminism"; "Nondeterminism" branches into "Random factors"
and "Unknown factors".]


3.4 Parallel composition 

The operation of parallel composition is used for building models of the
behavior of dynamic systems composed of several communicating components.

Before giving a formal definition of this operation, we discuss the
concept of parallel working of a pair of systems $Sys_1$ and $Sys_2$, which we
consider as components of a system Sys, i.e.

$$Sys = \{Sys_1, Sys_2\} \qquad (3.3)$$

Let the processes $P_1$ and $P_2$ represent the behaviors of the systems $Sys_1$
and $Sys_2$ respectively.

When the system $Sys_i$ (i = 1, 2) works as a part of the system Sys, its
behavior is described by the same process $P_i$.

Denote by $\{P_1, P_2\}$ the process describing the behavior of (3.3). The purpose
of this section is to find an explicit description of $\{P_1, P_2\}$ (i.e. to
define the sets of its states and transitions).

Here, to simplify the exposition, we identify the concepts

"a process P", and
"a system whose behavior is described by a process P".

As noted above, an execution of an arbitrary process can be interpreted as
a traversal of the graph corresponding to this process, with an execution of
the actions that are labels of the traversed edges.

We shall assume that in passage of each edge s ►■ s' 
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• a transition from s to s' occurs instantaneously, and 

• an execution of the action a occurs precisely at the time of this transi- 
tion. 

In fact, an execution of each action occurs within a certain period of time, 
but we shall assume that for each traversed edge s — — - s' 

• before the completion of an execution of the action a the process P is 
in the state s, and 

• after the completion of an execution of a the process P instantly trans- 
forms into the state s'. 

Since executions of various actions have different durations, we will
assume that the process P stays in each state for an indefinite period of
time during its execution.

Thus, an execution of the process P consists of an alternation of the
following two activities:

• waiting for an indefinite period of time in one of the states, and

• instantaneous transition from one state to another.

Waiting in one of the states can occur

• not only because there is an execution of some action at this time,

• but also because the process P can not perform any action at this time.

For example, if

• $P = a?.P'$, and

• at the initial time there is no process which can give P an object with
the name a

then P would wait until some process gives it an object with the name a.

As we know, for each process

• its actions are either input, or output, or internal, and

• each input or output action is a result of a communication of this
process with another process.

Each input or output action of the process $P_i$ ($i = 1, 2$)

• either is a result of a communication of $P_i$ with a process outside of the
set $\{P_1, P_2\}$,

• or is a result of a communication of $P_i$ with the process $P_j$, where
$j \in \{1, 2\} \setminus \{i\}$.

From the point of view of the process $\{P_1, P_2\}$, actions of the second type
are internal actions of this process, because they

• are not a result of a communication of the process $\{P_1, P_2\}$ with its
environment, and

• are the result of a communication between the components of this
process.

Thus, each step of the process $\{P_1, P_2\}$

(a) either is a result of a communication of one of the processes $P_i$ ($i = 1, 2$)
with a process outside of $\{P_1, P_2\}$,

(b) or is an internal action of $P_1$ or $P_2$,

(c) or is an internal action, which is a result of a communication of $P_1$ and
$P_2$, and this communication has the following form:

- one of these processes, say $P_i$, passes to the other process $P_j$
($j \in \{1, 2\} \setminus \{i\}$) some object, and

- the process $P_j$ at the same time takes this object from the process
$P_i$.

(This kind of communication is called a synchronous communication,
or a handshaking.)

Each possible variant of a behavior of the process $P_i$ ($i = 1, 2$) can be
associated with a thread denoted by the symbol $\sigma_i$. A thread is a vertical
line, on which there are drawn points with labels, where

• labels of points represent actions executed by the process $P_i$, and

• labelled points are arranged in a chronological order, i.e.

- the first point is labelled by the first action of the process $P_i$,

- the second point (which is located under the first point) is labelled by
the second action of the process $P_i$,

- etc.

For each labelled point p on the thread, we denote by act(p) the label of
this point.

Assume that a couple of parallel threads is drawn on a plane

$\sigma_1 \qquad \sigma_2$ (3.4)

where $\sigma_i$ ($i = 1, 2$) represents a possible variant of a behavior of the process
$P_i$ in the process $\{P_1, P_2\}$.

Consider those labelled points on the threads from (3.4) which correspond
to actions of the type (c), i.e. to communications of the processes $P_1$ and
$P_2$. Let p be one of such points, and, for example, it is on the thread $\sigma_1$.

According to the definition of a communication, at the same time at
which the action act(p) is executed, the process $P_2$ executes a complementary
action, i.e. there is a point p' on the thread $\sigma_2$ such that

• $act(p') = \overline{act(p)}$, and

• the actions act(p) and act(p') are executed at the same time.

Note that

• in the thread $\sigma_2$ there may be several points with the label $\overline{act(p)}$, but
exactly one of these points corresponds to the action which is executed
jointly with the action corresponding to the point p, and

• in the thread $\sigma_1$ there may be several points with the label act(p), but
exactly one of these points corresponds to the action which is executed
jointly with the action corresponding to the point p'.

Transform our diagram of threads (3.4) as follows: for each pair of points
p, p' with the above properties

• join the points p and p' by an arrow,

- the start of which is the one of these points which has a label of
the form a!, and

- the end of which is the other of these points,

• draw the label a on this arrow, and

• replace the labels of the points p and p' by $\tau$.

The arrow from p to p' is called a synchronization arrow. Such arrows
are usually drawn horizontally.

After such changes for all pairs of points which are labelled by actions of
the type (c), we obtain a diagram which is called a Message Sequence
Chart (MSC). This diagram represents one of the possible variants of execution
of the process $\{P_1, P_2\}$.

We shall denote the set of all MSCs, each of which corresponds to some
variant of execution of the process $\{P_1, P_2\}$, as

$Beh\{P_1, P_2\}$

Consider the following example of a process of the form $\{P_1, P_2\}$:

• $P_1$ is a model of a vending machine, whose behavior is given by

$P_1 = coin?.\,chocolate!.\,\mathbf{0}$ (3.5)

(i.e., the machine gets a coin, gives a chocolate, and then breaks)

• $P_2$ is a model of a customer, whose behavior is given by

$P_2 = coin!.\,chocolate?.\,\mathbf{0}$ (3.6)

(i.e., the customer drops a coin, receives a chocolate, and then ceases
to function as a customer).

Threads of these processes have the form




If all actions on these threads are actions of the type (c), then this diagram 
can be transformed into the following MSC: 




However, the following variant of execution of the process $\{P_1, P_2\}$ is
possible:

• the first actions of $P_1$ and $P_2$ are of the type (c), i.e. the customer drops a
coin, and the machine accepts the coin,

• the second action of the machine $P_1$ is a communication with a process that
is external with respect to $\{P_1, P_2\}$

(that is, for example, a thief walked up to the machine and took the
chocolate before the customer $P_2$ was able to take it).

In this situation, the customer can not execute a second action as an internal
action of $\{P_1, P_2\}$. According to the description of the process $P_2$, in this case
two variants of behavior of the customer are possible.

1. The customer will be in a state of endless waiting.
The corresponding MSC has the form

[Figure: MSC; surviving labels: coin, chocolate]

2. The customer will be able to successfully complete its work.

This would be the case if some process external to $\{P_1, P_2\}$ gives
a chocolate to the customer.

The corresponding MSC has the form

[Figure: MSC; surviving labels: coin, chocolate, chocolate?]

Now consider the general question: how can a process of the form $\{P_1, P_2\}$
be defined explicitly, i.e. in terms of states and transitions.

At first glance, this question is incorrect, because $\{P_1, P_2\}$ must be a
model of a parallel execution of the processes $P_1$ and $P_2$, in which

• a simultaneous execution of actions by both processes $P_1$, $P_2$ is
possible,

• and, therefore, the process $\{P_1, P_2\}$ can execute actions which are
pairs of actions from the set Act, and which can not belong to the set Act
(by assumption).

Note in this regard that absolute simultaneity holds only for those pairs of
actions that generate an internal action of the process $\{P_1, P_2\}$ of the type
(c).

For all other pairs of actions of the processes $P_1$ and $P_2$, even if they
occurred simultaneously (from the point of view of an external observer), we
can assume without loss of generality that one of them happened a little
earlier or a little later than the other.

Thus, we can assume that the process $\{P_1, P_2\}$ executes sequentially,
i.e. under any variant of an execution of the process $\{P_1, P_2\}$ the actions
executed by it form some linearly ordered sequence

$tr = (act_1, act_2, \ldots)$ (3.7)

in which the actions are ordered by the time of their execution: first
$act_1$ was executed, then $act_2$, etc.

Because each possible variant of an execution of the process $\{P_1, P_2\}$ can
be represented by an MSC, we can assume that sequence (3.7) can be
obtained by some linearization of this MSC (i.e., by "pulling" it into a chain).

For a definition of a linearization of an MSC we introduce some auxiliary
concepts and notations.

Let C be an MSC. Then

• $Points(C)$ denotes the set of all points belonging to the MSC C,

• for each point $p \in Points(C)$, $act(p)$ denotes the action ascribed to
the point p,

• for each pair of points $p, p' \in Points(C)$ the formula

$p \to p'$

means that one of the following conditions holds:

- p and p' are in the same thread, and p' is lower than p, or

- there is a synchronization arrow from p to p'

• for each pair of points $p, p' \in Points(C)$ the formula

$p \le p'$

means that either p = p', or there is a sequence of points $p_1, \ldots, p_k$
such that

- $p = p_1$, $p' = p_k$

- for each $i = 1, \ldots, k-1$ $\;p_i \to p_{i+1}$

The relation $\le$ on points of an MSC can be regarded as a relation of
chronological order, i.e. the formula $p \le p'$ can be interpreted as stating that

• the points p and p' are the same or connected by a synchronization
arrow

(i.e. actions in p and p' coincide)

• or the action in p' occurred later than the action in p.

The exact definition of a linearization of an MSC has the following form.
Let

• C be an MSC,

• tr be a sequence of actions of the form (3.7), and

• $Ind(tr)$ be the set of indices of elements of the sequence tr, i.e.

$Ind(tr) = \{1, 2, \ldots\}$

(this set can be finite or infinite)

The sequence tr is called a linearization of the MSC C, if there is a
surjective mapping

$lin : Points(C) \to Ind(tr)$

satisfying the following conditions.

1. for each pair $p, p' \in Points(C)$

$p \le p' \;\Rightarrow\; lin(p) \le lin(p')$

2. for each pair $p, p' \in Points(C)$ the equality

$lin(p) = lin(p')$

holds if and only if

• p = p', or

• there is a synchronization arrow from p to p'

3. $\forall\, p \in Points(C) \quad act(p) = act_{lin(p)}$

i.e. the mapping lin

• preserves the chronological order,

• identifies those points of the MSC C which correspond to one action
of $\{P_1, P_2\}$, and

• does not identify any other points.

Denote by Lin(C) the set of all linearizations of the MSC C.

Now the problem of explicit description of the process $\{P_1, P_2\}$ can be
formulated as follows: construct a process P satisfying the condition

$Tr(P) = \bigcup_{C \in Beh\{P_1, P_2\}} Lin(C)$ (3.8)

i.e. the process P should represent all linearizations of any possible
joint behavior of the processes $P_1$ and $P_2$.

Condition (3.8) is justified by the following consideration: because we do
not know

• how clocks in the processes $P_1$ and $P_2$ are related, and

• how long these processes stay in each state into which they fall

we must take into account every possible order of execution of actions
which does not contradict the relation of chronological order.

We begin the construction of a process P satisfying condition (3.8).

Let the processes $P_1$ and $P_2$ have the form

$P_i = (S_i, s_i^0, R_i)$ $(i = 1, 2)$

Consider any linearization tr of an arbitrary MSC from $Beh\{P_1, P_2\}$

$tr = (a_1, a_2, \ldots)$

Draw a line, which will be interpreted as a scale of time. Select on this
line points $p_1, p_2, \ldots$ labelled by the actions $a_1, a_2, \ldots$ respectively, such that
these actions are located on the line in the same order in which they are
listed in tr.

Let the symbols $I_0, I_1, I_2, \ldots$ denote the following sections of this line:

• $I_0$ is the set of all points of the line before the point $p_1$, i.e.

$I_0 = \;]-\infty, p_1[$

• for each $i \ge 1$ the section $I_i$ consists of the points between $p_i$ and $p_{i+1}$, i.e.

$I_i = \;]p_i, p_{i+1}[$

Each of these sections can be interpreted as an interval of time during which
the process P does not perform any action, i.e. at times between $p_i$ and $p_{i+1}$
the processes $P_1$ and $P_2$ are in fixed states $(s_1)_i$ and $(s_2)_i$, respectively.

Denote by $s_i$ the pair $((s_1)_i, (s_2)_i)$. This pair can be interpreted as a state
of the process P in which it stays at each time from the interval $I_i$.

By the definition of the sequence tr, we have one of two situations.

1. The action $a_i$ has a type (a) or (b), i.e. was executed by one of the
processes included in P.

There are two cases.

(a) The action $a_i$ was executed by the process $P_1$.

In this case we have the following relation between the states $s_i$
and $s_{i+1}$:

• $(s_1)_i \xrightarrow{a_i} (s_1)_{i+1} \in R_1$

• $(s_2)_{i+1} = (s_2)_i$

(b) The action $a_i$ was executed by the process $P_2$.

In this case we have the following relation between the states $s_i$
and $s_{i+1}$:

• $(s_2)_i \xrightarrow{a_i} (s_2)_{i+1} \in R_2$

• $(s_1)_{i+1} = (s_1)_i$

2. The action $a_i$ is of the type (c).

In this case we have the following relation between the states $s_i$ and
$s_{i+1}$:

• $(s_1)_i \xrightarrow{a} (s_1)_{i+1} \in R_1$

• $(s_2)_i \xrightarrow{\overline{a}} (s_2)_{i+1} \in R_2$

for some $a \in Act \setminus \{\tau\}$.

The above properties of the sequence tr can be reformulated as follows:
tr is a trace of the process

$(S, s^0, R)$ (3.9)

whose components are defined as follows:

• $S \stackrel{\mathrm{def}}{=} S_1 \times S_2 \stackrel{\mathrm{def}}{=} \{(s_1, s_2) \mid s_1 \in S_1,\ s_2 \in S_2\}$

• $s^0 \stackrel{\mathrm{def}}{=} (s_1^0, s_2^0)$

• for

- each transition $s_1 \xrightarrow{a} s_1'$ from $R_1$, and

- each state $s \in S_2$

R contains the transition

$(s_1, s) \xrightarrow{a} (s_1', s)$

• for

- each transition $s_2 \xrightarrow{a} s_2'$ from $R_2$, and

- each state $s \in S_1$

R contains the transition

$(s, s_2) \xrightarrow{a} (s, s_2')$

• for each pair of transitions with complementary labels

$s_1 \xrightarrow{a} s_1' \in R_1$
$s_2 \xrightarrow{\overline{a}} s_2' \in R_2$

R contains the transition

$(s_1, s_2) \xrightarrow{\tau} (s_1', s_2')$

It is easy to show the converse: each trace of process (3.9) is a linearization
of some MSC C from the set $Beh\{P_1, P_2\}$.

Thus, an explicit representation of the process $P = \{P_1, P_2\}$ can be
defined as process (3.9). This process is called a parallel composition of the
processes $P_1$ and $P_2$, and is denoted as

$P_1 \,|\, P_2$

We give an example of the process $P_1 | P_2$ in the case where the processes
$P_1$ and $P_2$ represent behaviors of a vending machine and a customer (see
(3.5) and (3.6)).



The graph representations of these processes have the form

[Figure: graphs of $P_1$ and $P_2$; surviving edge labels: coin?, coin!, chocolate!, chocolate?]

The graph representation of the process $P_1 | P_2$ has the form




Note that the size of the set of states of $P_1 | P_2$ is equal to the product of the
sizes of the sets of states of $P_1$ and $P_2$. Thus, the size of a description of the
process $P_1 | P_2$ may substantially exceed the total size of the descriptions of its
components $P_1$ and $P_2$. This may make it impossible to analyze this process,
if it is represented in an explicit form, because of its high complexity.

Therefore, in practical problems of analysis of processes of the form
$P_1 | P_2$, instead of an explicit construction of $P_1 | P_2$ one constructs a
process in which each MSC from $Beh\{P_1, P_2\}$

• is not represented by all possible linearizations, but

• is represented by at least one linearization.

The complexity of such a process can be significantly less than the
complexity of the process $P_1 | P_2$.

A construction of a process of this kind makes sense, for example, if
an analyzed property $\varphi$ of the process $P_1 | P_2$ has the following quality: for
arbitrary $C \in Beh\{P_1, P_2\}$

• if $\varphi$ holds for one of the linearizations of C,

• then $\varphi$ holds for all linearizations of C.

Typically, a process in which each MSC from $Beh\{P_1, P_2\}$ is represented
by at least one linearization is constructed as a certain subprocess of the
process $P_1 | P_2$, i.e. is obtained from $P_1 | P_2$ by removing some states and
associated transitions. Therefore, such processes are said to be reduced.

The problem of constructing reduced processes is called partial order
reduction. This problem has been intensively studied by many leading
experts in the field of verification.

Consider, for example, a reduced process for the above process $P_1 | P_2$,
consisting of a vending machine and the customer.




In conclusion, we note that the problem of analyzing processes consisting
of several communicating components most often arises in situations
where such components are computer programs and hardware devices of a
computer system. A communication between programs in such a system is
implemented by mediators, i.e. by certain processes which can communicate
synchronously with programs.

Communications between programs are usually implemented in the
following two ways.

1. Communication through shared memory.

In this case, mediators are memory cells accessed by both programs.

A communication in this case can be implemented as follows: one
program writes information into these cells, and the other program reads
the contents of the cells.

2. Communication by sending messages.

In this case, a mediator is a channel, which can be used by programs
for the following actions:

• sending a message to the channel, and

• receiving a message from the channel.

The channel may be implemented as a buffer storing several messages.
Messages in the channel can be organized on the principle of a queue
(i.e., messages leave the channel in the same order in which they
arrived).

3.5 Restriction 

Let 

• P = (S, s°, R) be a process, and 

• L be a subset of the set Names. 

A restriction of P with respect to L is the process

$P \setminus L \stackrel{\mathrm{def}}{=} (S, s^0, R')$

which is obtained from P by removing those transitions that have labels
with the names from L, i.e.

$R' \stackrel{\mathrm{def}}{=} \{\, (s \xrightarrow{a} s') \in R \;\mid\; a = \tau, \text{ or } name(a) \notin L \,\}$

As a rule, the operation of restriction is used together with the operation
of parallel composition, for the representation of processes that

• consist of several communicating components, and

• a communication between these components must satisfy certain
restrictions.



For example, let processes $P_1$ and $P_2$ represent the behavior of a vending
machine and a customer respectively, which were discussed in the previous
section.

We would like to describe a process which is a model of such a parallel
execution of the processes $P_1$ and $P_2$, in which these processes can execute
actions associated with buying and selling of a chocolate only jointly.

The desired process can be obtained by applying to the process
$P_1 | P_2$ the operation of restriction with respect to the set of names of all
actions related to buying and selling of a chocolate. This process is described
by the expression

$P \stackrel{\mathrm{def}}{=} (P_1 | P_2) \setminus \{coin, chocolate\}$ (3.10)

The graph representation of process (3.10) has the form

[Figure: graph of process (3.10), with states labelled by pairs of states of $P_1$ and $P_2$]

Consider another example. Change the definition of the vending machine and
the customer: let them also send a signal indicating successful completion
of their work. For example, these processes may have the following form:

$P_1 \stackrel{\mathrm{def}}{=} coin?.\,chocolate!.\,clank!.\,\mathbf{0}$
$P_2 \stackrel{\mathrm{def}}{=} coin!.\,chocolate?.\,hurrah!.\,\mathbf{0}$

In this case, the graph representation of process (3.10), after a removal of
unreachable states, has the form

[Figure: graph of process (3.10); surviving edge labels: clank!, hurrah!, clank!, hurrah!]

This process allows execution of only those non-internal actions that are not
related to buying and selling a chocolate.

Note that in this case

• in process (3.10) a nondeterminism is present, although

• in the components $P_1$ and $P_2$ a nondeterminism is absent.

The cause of the nondeterminism in (3.10) is our incomplete knowledge about
the simulated system: because we do not have precise knowledge about the
duration of the actions clank! and hurrah!, the model of the system should
allow any order of execution of these actions.
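
The constructions of sections 3.4 and 3.5 can be executed directly on the vending machine example. The following Python sketch is an added example, not code from the book; the tuple encoding of a process as (states, initial state, transitions), the string labels such as "coin?" and the integer state names are assumptions made for the illustration.

```python
from itertools import product

TAU = "tau"  # the internal action

def name(a):
    """Name of a non-internal action: 'coin?' and 'coin!' both have the name 'coin'."""
    return a[:-1]

def complementary(a, b):
    """True when a and b are an input/output pair with the same name."""
    return TAU not in (a, b) and name(a) == name(b) and {a[-1], b[-1]} == {"?", "!"}

def prefix(*actions):
    """The chain process a1.a2. ... .an.0 with states 0..n (state names are an assumption)."""
    n = len(actions)
    return set(range(n + 1)), 0, {(i, a, i + 1) for i, a in enumerate(actions)}

def parallel(p1, p2):
    """P1 | P2, built from the three transition rules of process (3.9)."""
    (S1, init1, R1), (S2, init2, R2) = p1, p2
    R = set()
    for (s, a, t) in R1:                 # P1 moves alone, P2 stays in state u
        R |= {((s, u), a, (t, u)) for u in S2}
    for (s, a, t) in R2:                 # P2 moves alone, P1 stays in state u
        R |= {((u, s), a, (u, t)) for u in S1}
    for (s1, a, t1) in R1:               # handshake: complementary labels yield tau
        for (s2, b, t2) in R2:
            if complementary(a, b):
                R.add(((s1, s2), TAU, (t1, t2)))
    return set(product(S1, S2)), (init1, init2), R

def restrict(p, L):
    """P restricted by L: keep a transition only if its label is tau or its name is not in L."""
    S, init, R = p
    return S, init, {(s, a, t) for (s, a, t) in R if a == TAU or name(a) not in L}

def reachable(p):
    """Drop unreachable states and the transitions that start in them."""
    S, init, R = p
    seen, todo = {init}, [init]
    while todo:
        s = todo.pop()
        for (x, a, t) in R:
            if x == s and t not in seen:
                seen.add(t)
                todo.append(t)
    return seen, init, {(s, a, t) for (s, a, t) in R if s in seen}

def traces(p):
    """Tr(P) of a finite acyclic process: label sequences of all paths from the initial state."""
    S, init, R = p
    out = set()

    def walk(s, tr):
        out.add(tr)
        for (x, a, t) in R:
            if x == s:
                walk(t, tr + (a,))

    walk(init, ())
    return out

MACHINE = prefix("coin?", "chocolate!")      # process (3.5)
CUSTOMER = prefix("coin!", "chocolate?")     # process (3.6)
SHOP = parallel(MACHINE, CUSTOMER)           # P1 | P2
SOLD = reachable(restrict(SHOP, {"coin", "chocolate"}))   # process (3.10)

# Second example of section 3.5: both components also signal completion.
SIGNALLING = reachable(restrict(
    parallel(prefix("coin?", "chocolate!", "clank!"),
             prefix("coin!", "chocolate?", "hurrah!")),
    {"coin", "chocolate"}))

if __name__ == "__main__":
    print(len(SHOP[0]), "states and", len(SHOP[2]), "transitions in P1|P2")
    print("thief variant is a trace of P1|P2:", (TAU, "chocolate!") in traces(SHOP))
    print("traces after restriction:", sorted(traces(SOLD), key=len))
    print("complete runs with signals:",
          sorted(t for t in traces(SIGNALLING) if len(t) == 4))
```

Without the restriction, the composition still contains the run in which the machine hands the chocolate to an outside process; after the restriction only the two handshakes remain, and the two completion signals may occur in either order.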



3.6 Renaming 



The last operation that we consider is a unary operation, which is called
renaming.

To define this operation, it is necessary to define a mapping of the form

$f : Names \to Names$ (3.11)

The effect of the operation of renaming on a process P is a change of the
labels of the transitions of P:

• any label of the form $a?$ is replaced by $f(a)?$, and

• any label of the form $a!$ is replaced by $f(a)!$

The resulting process is denoted by $P[f]$.

We shall also refer to any mapping of the form (3.11) as a renaming.
If a renaming f acts non-identically only on the names

$\alpha_1, \ldots, \alpha_n$

and maps them to the names

$\beta_1, \ldots, \beta_n$

respectively, then the process $P[f]$ can also be denoted as

$P[\beta_1/\alpha_1, \ldots, \beta_n/\alpha_n]$

The operation of renaming can be used, for example, in the following
situation: it allows several copies of a process P to be used as different
components in the construction of a more complex process P'. Renaming
serves to prevent collisions between names of actions used in different
occurrences of P in P'.

3.7 Properties of operations on processes 

In this section we give some elementary properties of the operations on
processes defined above. All these properties have the form of equalities.
For the first two properties we give proofs; the other properties are listed
without comments, since they are evident.

Recall (see section I2TT1) . that we consider two processes as equal, if 

• they are isomorphic, or 

• one of these processes can be obtained from another by removing some
of unreachable states and transitions which contain unreachable states.

1. The operation + is associative, i.e. for any processes $P_1$, $P_2$ and $P_3$ the
following equality holds:

$(P_1 + P_2) + P_3 = P_1 + (P_2 + P_3)$ (3.12)

Indeed, let the processes $P_i$ ($i = 1, 2, 3$) have the form

$P_i = (S_i, s_i^0, R_i)$ $(i = 1, 2, 3)$ (3.13)

and let their sets of states $S_1$, $S_2$ and $S_3$ be pairwise disjoint. Then both
sides of equality (3.12) are equal to the process $P = (S, s^0, R)$, whose
components are defined as follows:

• $S = S_1 \cup S_2 \cup S_3 \cup \{s^0\}$, where $s^0$ is a new state
(which does not belong to $S_1$, $S_2$ and $S_3$)

• R contains all transitions from $R_1$, $R_2$ and $R_3$

• for each transition from $R_i$ ($i = 1, 2, 3$) of the form

$s_i^0 \xrightarrow{a} s$

R contains the transition $s^0 \xrightarrow{a} s$

The associativity of the operation + allows us to use expressions
of the form

$P_1 + \ldots + P_n$ (3.14)

because for any parenthesization of the expression (3.14) we get
one and the same process.

The process which is the value of expression (3.14) can be described
explicitly as follows.

Let the processes $P_i$ ($i = 1, \ldots, n$) have the form

$P_i = (S_i, s_i^0, R_i)$ $(i = 1, \ldots, n)$ (3.15)

where the sets of states $S_1, \ldots, S_n$ are pairwise disjoint. Then the process
which is the value of the expression (3.14) has the form

$P = (S, s^0, R)$

where the components $S$, $s^0$, $R$ are defined as follows:

• $S = S_1 \cup \ldots \cup S_n \cup \{s^0\}$, where $s^0$ is a new state
(which does not belong to $S_1, \ldots, S_n$)

• R contains all transitions from $R_1, \ldots, R_n$

• for each transition from $R_i$ ($i = 1, \ldots, n$) of the form

$s_i^0 \xrightarrow{a} s$

R contains the transition $s^0 \xrightarrow{a} s$

2. The operation | is associative, i.e. for any processes $P_1$, $P_2$ and $P_3$ the
following equality holds:

$(P_1 | P_2) | P_3 = P_1 | (P_2 | P_3)$ (3.16)

Indeed, let the processes $P_i$ ($i = 1, 2, 3$) have the form (3.13). Then
both sides of (3.16) are equal to the process $P = (S, s^0, R)$ whose
components are defined as follows:

• $S \stackrel{\mathrm{def}}{=} S_1 \times S_2 \times S_3 \stackrel{\mathrm{def}}{=} \{(s_1, s_2, s_3) \mid s_1 \in S_1,\ s_2 \in S_2,\ s_3 \in S_3\}$

• $s^0 \stackrel{\mathrm{def}}{=} (s_1^0, s_2^0, s_3^0)$

• for

- each transition $s_1 \xrightarrow{a} s_1'$ from $R_1$, and

- each pair of states $s_2 \in S_2$, $s_3 \in S_3$

R contains the transition

$(s_1, s_2, s_3) \xrightarrow{a} (s_1', s_2, s_3)$

• for

- each transition $s_2 \xrightarrow{a} s_2'$ from $R_2$, and

- each pair of states $s_1 \in S_1$, $s_3 \in S_3$

R contains the transition

$(s_1, s_2, s_3) \xrightarrow{a} (s_1, s_2', s_3)$

• for

- each transition $s_3 \xrightarrow{a} s_3'$ from $R_3$, and

- each pair of states $s_1 \in S_1$, $s_2 \in S_2$

R contains the transition

$(s_1, s_2, s_3) \xrightarrow{a} (s_1, s_2, s_3')$

• for

- each pair of transitions with complementary labels

$s_1 \xrightarrow{a} s_1' \in R_1$
$s_2 \xrightarrow{\overline{a}} s_2' \in R_2$

and

- each state $s_3 \in S_3$

R contains the transition

$(s_1, s_2, s_3) \xrightarrow{\tau} (s_1', s_2', s_3)$

• for

- each pair of transitions with complementary labels

$s_1 \xrightarrow{a} s_1' \in R_1$
$s_3 \xrightarrow{\overline{a}} s_3' \in R_3$

and

- each state $s_2 \in S_2$

R contains the transition

$(s_1, s_2, s_3) \xrightarrow{\tau} (s_1', s_2, s_3')$

• for

- each pair of transitions with complementary labels

$s_2 \xrightarrow{a} s_2' \in R_2$
$s_3 \xrightarrow{\overline{a}} s_3' \in R_3$

and

- each state $s_1 \in S_1$

R contains the transition

$(s_1, s_2, s_3) \xrightarrow{\tau} (s_1, s_2', s_3')$

The associativity of the operation | allows us to use expressions
of the form

$P_1 \,|\, \ldots \,|\, P_n$ (3.17)

because for any parenthesization of the expression (3.17) we get
one and the same process.

The process which is the value of expression (3.17) can be described
explicitly as follows.

Let the processes $P_i$ ($i = 1, \ldots, n$) have the form (3.15). Then the process
which is the value of the expression (3.17) has the form

$P = (S, s^0, R)$

where the components $S$, $s^0$, $R$ are defined as follows:

• for

- each transition $s_i \xrightarrow{a} s_i'$ from $R_i$, and

- each list of states

$s_1, \ldots, s_{i-1}, s_{i+1}, \ldots, s_n$

where $\forall\, j \in \{1, \ldots, n\}$ $\;s_j \in S_j$

R contains the transition

$(s_1, \ldots, s_n) \xrightarrow{a} (s_1, \ldots, s_{i-1}, s_i', s_{i+1}, \ldots, s_n)$

• for

- each pair of indices $i, j \in \{1, \ldots, n\}$, where $i < j$

- each pair of transitions with complementary labels of the form

$s_i \xrightarrow{a} s_i' \in R_i$
$s_j \xrightarrow{\overline{a}} s_j' \in R_j$

and

- each list of states

$s_1, \ldots, s_{i-1}, s_{i+1}, \ldots, s_{j-1}, s_{j+1}, \ldots, s_n$

where $\forall\, k \in \{1, \ldots, n\}$ $\;s_k \in S_k$

R contains the transition

$(s_1, \ldots, s_n) \xrightarrow{\tau} (s_1, \ldots, s_{i-1}, s_i', s_{i+1}, \ldots, s_{j-1}, s_j', s_{j+1}, \ldots, s_n)$

3. The operation + is commutative, i.e. for any processes $P_1$ and $P_2$ the
following equality holds:

$P_1 + P_2 = P_2 + P_1$

4. The operation | is commutative, i.e. for any processes $P_1$ and $P_2$ the
following equality holds:

$P_1 \,|\, P_2 = P_2 \,|\, P_1$

5. $\mathbf{0}$ is a neutral element with respect to the operation | :

$P \,|\, \mathbf{0} = P$

The operation + has a similar property, in this property there is used 
a concept of strong equivalence of processes (defined below) instead 
of equality of processes . This property, as well as the property of 
idempotency of the operation + are proved in section H~5l (theorem HJ) . 

6. $\mathbf{0} \setminus L = \mathbf{0}$

7. $\mathbf{0}[f] = \mathbf{0}$

8. $P \setminus L = P$, if $L \cap names(Act(P)) = \emptyset$.

(recall that Act(P) denotes the set of actions $a \in Act \setminus \{\tau\}$ such that P
contains a transition with the label a)

9. $(a.P) \setminus L = \begin{cases} \mathbf{0}, & \text{if } a \neq \tau \text{ and } name(a) \in L \\ a.(P \setminus L), & \text{otherwise} \end{cases}$

10. $(P_1 + P_2) \setminus L = (P_1 \setminus L) + (P_2 \setminus L)$

11. $(P_1 | P_2) \setminus L = (P_1 \setminus L) \,|\, (P_2 \setminus L)$, if

$L \cap names(Act(P_1) \cap \overline{Act(P_2)}) = \emptyset$

12. $(P \setminus L_1) \setminus L_2 = P \setminus (L_1 \cup L_2)$

13. $P[f] \setminus L = (P \setminus f^{-1}(L))[f]$

14. $P[id] = P$, where $id$ is the identity function

15. $P[f] = P[g]$, if the restrictions of the functions f and g on the set
$names(Act(P))$ are equal.

16. $(a.P)[f] = f(a).(P[f])$

17. $(P_1 + P_2)[f] = P_1[f] + P_2[f]$

18. $(P_1 | P_2)[f] = P_1[f] \,|\, P_2[f]$, if the restriction of f on the set

$names(Act(P_1) \cup Act(P_2))$

is an injective mapping.

19. $(P \setminus L)[f] = P[f] \setminus f(L)$, if the mapping f is an injective mapping.

20. $P[f][g] = P[g \circ f]$

Chapter 4

Equivalences of processes



4.1 A concept of an equivalence of processes 

The same behavior can be represented by different processes. For example,
consider two processes:



The first process has only one state, and the second has an infinite set of
states, but these processes represent a similar behavior, which consists of
a perpetual execution of the actions a.

One of the important problems in the theory of processes is to find
an appropriate definition of equivalence of processes, such that processes
are equivalent according to this definition if and only if they represent a
similar behavior.

In this chapter we present several definitions of equivalence of processes.
In every particular situation the choice of an appropriate variant of the concept
of equivalence of processes should be determined by a particular understanding
(i.e. one related to this situation) of a similarity of behavior of processes.

In sections 4.2 and 4.3 we introduce the concepts of trace equivalence and
strong equivalence of processes. These concepts are used in situations where
all actions executed in the processes have equal status.

In sections 4.8 and 1431 we consider other variants of the concept of
equivalence of processes: namely, observational equivalence and observational
congruence. These concepts are used in situations when we consider the invisible
action $\tau$ as negligible, i.e. when we assume that two traces are equivalent if
one of them can be obtained from the other by insertions and/or deletions of
$\tau$.

With each possible definition of equivalence of processes two natural
problems are related.

1. Recognition, for two given processes, of whether they are equivalent.

2. Construction, for a given process P, of a process P' which is the least
complicated (for example, has a minimum number of states) among all
processes that are equivalent to P.

4.2 Trace equivalence of processes 

As mentioned above, we would like to consider two processes as equivalent
if they describe the same behavior. So, if we consider a behavior of a process
as a generation of a trace, then one of the necessary conditions of equivalence of
processes $P_1$ and $P_2$ is the coincidence of the sets of their traces:

$Tr(P_1) = Tr(P_2)$ (4.1)

In some situations, condition (4.1) can be used as a definition of
equivalence of $P_1$ and $P_2$.

However, the following example shows that this condition does not reflect
one important aspect of an execution of processes.

Sets of traces of these processes are equal:

$Tr(P_1) = Tr(P_2) = \{\varepsilon, a, ab, ac\}$

(where $\varepsilon$ is an empty sequence).

However, these processes have the following essential difference: 

• in the left process, after execution of a first action (a) there is a possi- 
bility to choose next action (b or c), while 

• in the right process, after execution of a first action there is no such 
possibility: 

— if a first transition occurred on the left edge, then a second action 
can only be the action b, and 

— if a first transition occurred on the right edge, then a second action 
can only be the action c 

i.e. a second action was predetermined before execution of a first action. 

If we do not wish to consider these processes as equivalent, then condition (4.1) must be enhanced in some way. One version of such enhancement is described below. In order to formulate it, define the notion of a trace from a state of a process.

Each variant of an execution of a process $P = (S, s^0, R)$ we interpret as a generation of a sequence of transitions



starting from the initial state $s^0$ (i.e. $s_0 = s^0$).

We can consider a generation of sequence (4.3) not only from the initial state $s^0$, but from an arbitrary state $s \in S$, i.e. consider a sequence of the form (4.3) in which $s_0 = s$. The sequence $(a_1, a_2, \ldots)$ of labels of these transitions we shall call a trace starting at $s$. A set of all such traces we denote by




$P_i = (S_i, s_i^0, R_i) \quad (i = 1, 2)$



Consider a finite sequence of transitions of $P_1$ of the form

$s_1^0 = s_0 \xrightarrow{a_1} s_1 \xrightarrow{a_2} \ldots \xrightarrow{a_n} s_n \quad (n \geq 0)$ (4.4)

(the case $n = 0$ corresponds to the empty sequence of transitions (4.4), in which $s_n = s_1^0$).

The sequence (4.4) can be considered as an initial phase of execution of the process $P_1$, and every trace from $Tr_{s_n}(P_1)$ can be considered as a continuation of this phase.

The processes $P_1$ and $P_2$ are said to be trace equivalent, if

• for each initial phase (4.4) of an execution of the process $P_1$ there is an initial phase of an execution of the process $P_2$

$s_2^0 = s'_0 \xrightarrow{a_1} s'_1 \xrightarrow{a_2} \ldots \xrightarrow{a_n} s'_n$ (4.5)

with the following properties:

— (4.5) has the same trace $a_1 \ldots a_n$ as (4.4), and

— at the end of (4.5) there is the same choice of further execution as at the end of (4.4), i.e.

$Tr_{s_n}(P_1) = Tr_{s'_n}(P_2)$ (4.6)

• and a symmetrical condition holds: for each sequence of transitions of $P_2$ of the form (4.5) there is a sequence of transitions of $P_1$ of the form (4.4), such that (4.6) holds.

These conditions have the following disadvantage: they contain

• unlimited sets of sequences of transitions of the form (4.4) and (4.5), and

• unlimited sets of traces from (4.6).

Therefore, checking of these conditions seems to be difficult even when the processes $P_1$ and $P_2$ are finite.

There is a problem of finding necessary and sufficient conditions of trace equivalence that can be algorithmically checked for given processes $P_1$ and $P_2$ in the case when these processes are finite.

Sometimes there is considered an equivalence between processes which is obtained from the trace equivalence by a replacement of condition (4.6) with the weaker condition:

$Act(s_n) = Act(s'_n)$

where for each state $s$, $Act(s)$ denotes the set of all actions $a \in Act$ such that there is a transition starting at $s$ with the label $a$.

4.3 Strong equivalence

Another variant of the concept of equivalence of processes is strong equivalence. To define the concept of strong equivalence, we introduce auxiliary notations.

After the process

$P = (S, s^0, R)$ (4.7)

has executed its first action and turned to a new state $s^1$, its behavior will be indistinguishable from a behavior of the process

$P' = (S, s^1, R)$ (4.8)

having the same components as $P$, except for the initial state.
We shall consider the diagram

$P \xrightarrow{a} P'$ (4.9)

as an abridged notation of the statement that

• $P$ and $P'$ are processes of the form (4.7) and (4.8) respectively, and

• $R$ contains the transition $s^0 \xrightarrow{a} s^1$.

(4.9) can be interpreted as a statement that the process $P$ can

• execute the action $a$, and then

• behave like the process $P'$.

A concept of strong equivalence is based on the following understanding of equivalence of processes: if we consider processes $P_1$ and $P_2$ as equivalent, then the following condition must be satisfied:

• if one of these processes $P_i$ can

— execute some action $a \in Act$,

— and then behave like some process $P'_i$

• then the other process $P_j$ ($j \in \{1, 2\} \setminus \{i\}$) also must be able to

— execute the same action $a$,

— and then behave like some process $P'_j$, which is equivalent to $P'_i$.

Thus, the desired equivalence must be a binary relation $\mu$ on the set of all processes with the following properties.

(1) If $(P_1, P_2) \in \mu$, and

$P_1 \xrightarrow{a} P'_1$ (4.10)

for some process $P'_1$, then there is a process $P'_2$, such that

$P_2 \xrightarrow{a} P'_2$ (4.11)

and

$(P'_1, P'_2) \in \mu$ (4.12)

(2) symmetric property: if $(P_1, P_2) \in \mu$, and for some process $P'_2$ (4.11) holds, then there is a process $P'_1$, such that (4.10) and (4.12) hold.

Denote by the symbol $\mathcal{M}$ a set of all binary relations which possess the above properties.

The set $\mathcal{M}$ is nonempty: it contains, for example, a diagonal relation, which consists of all pairs of the form $(P, P)$, where $P$ is an arbitrary process.

The question naturally arises: which of the relations from $\mathcal{M}$ can be used for a definition of strong equivalence?

We suggest the most simple answer to that question: we will consider $P_1$ and $P_2$ as strongly equivalent if and only if there exists at least one relation $\mu \in \mathcal{M}$ which contains the pair $(P_1, P_2)$.

Thus, we define the desired relation of strong equivalence on the set of all processes as the union of all relations from $\mathcal{M}$. This relation is denoted by $\sim$.

It is not so difficult to prove that

• $\sim\ \in \mathcal{M}$, and

• $\sim$ is an equivalence relation, because

— reflexivity of $\sim$ follows from the fact that the diagonal relation belongs to $\mathcal{M}$,

— symmetry of $\sim$ follows from the fact that if $\mu \in \mathcal{M}$, then $\mu^{-1} \in \mathcal{M}$,

— transitivity of $\sim$ follows from the fact that if $\mu_1 \in \mathcal{M}$ and $\mu_2 \in \mathcal{M}$, then $\mu_1 \circ \mu_2 \in \mathcal{M}$.

If processes $P_1$ and $P_2$ are strongly equivalent, then this fact is denoted by

$P_1 \sim P_2$

It is easy to prove that if processes $P_1$ and $P_2$ are strongly equivalent then they are trace equivalent.

To illustrate the concept of strong equivalence we give a couple of exam- 
ples. 

1. The processes 





(4.13) 



are not strongly equivalent, because they are not trace equivalent. 
2. Processes 





are strongly equivalent.

4.4 Criteria of strong equivalence

4.4.1 A logical criterion of strong equivalence 

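Let $Fm$ be a set of formulas defined as follows.

• The symbols $\top$ and $\bot$ are formulas from $Fm$.

• If $\varphi \in Fm$, then $\neg\varphi \in Fm$.

• If $\varphi \in Fm$ and $\psi \in Fm$, then $\varphi \wedge \psi \in Fm$.

• If $\varphi \in Fm$, and $a \in Act$, then $\langle a \rangle \varphi \in Fm$.

Let $P$ be a process, and $\varphi \in Fm$. A value of the formula $\varphi$ on the process $P$ is an element $P(\varphi)$ of the set $\{0, 1\}$ defined as follows.

• $P(\top) = 1$, $P(\bot) = 0$

• $P(\neg\varphi) = 1 - P(\varphi)$

• $P(\varphi \wedge \psi) \stackrel{\rm def}{=} P(\varphi) \cdot P(\psi)$

• $P(\langle a \rangle \varphi) \stackrel{\rm def}{=} \begin{cases} 1, & \text{if there is a process } P' :\ P \xrightarrow{a} P',\ P'(\varphi) = 1 \\ 0, & \text{otherwise} \end{cases}$

A theory of the process $P$ is a subset $Th(P) \subseteq Fm$, defined as follows:

$Th(P) = \{\varphi \in Fm \mid P(\varphi) = 1\}$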

Theorem 1.

Let $P_1$ and $P_2$ be finite processes. Then

$P_1 \sim P_2 \ \Leftrightarrow\ Th(P_1) = Th(P_2)$

Proof.

Let $P_1 \sim P_2$. The statement that for each $\varphi \in Fm$ the equality $P_1(\varphi) = P_2(\varphi)$ holds can be proven by induction on the structure of $\varphi$.
Prove the implication "$\Leftarrow$". Suppose that

$Th(P_1) = Th(P_2)$ (4.14)

Let $\mu$ be a binary relation on the set of all processes, defined as follows:

$\mu \stackrel{\rm def}{=} \{(P_1, P_2) \mid Th(P_1) = Th(P_2)\}$

We prove that $\mu$ satisfies the definition of strong equivalence. Suppose this does not hold, that is, for example, for some $a \in Act$

(a) there is a process $P'_1$, such that

$P_1 \xrightarrow{a} P'_1$

(b) but there is no process $P'_2$, such that

$P_2 \xrightarrow{a} P'_2$ (4.15)

and $Th(P'_1) = Th(P'_2)$.
Condition (b) can be satisfied in two situations:

1. There is no process $P'_2$, such that (4.15) holds.

2. There exists a process $P'_2$, such that (4.15) holds, but for each such process $P'_2$

$Th(P'_1) \neq Th(P'_2)$

We show that in both these situations there is a formula $\varphi \in Fm$, such that

$P_1(\varphi) = 1$, $P_2(\varphi) = 0$

that would be contrary to assumption (4.14).

1. If the first situation holds, then we can take as $\varphi$ the formula $\langle a \rangle \top$.

2. Assume that the second situation holds. Let

$P'_{2,1}, \ldots, P'_{2,n}$

be a list of all processes $P'_2$ satisfying (4.15).

By assumption, for each $i = 1, \ldots, n$, the inequality

$Th(P'_1) \neq Th(P'_{2,i})$

holds, i.e. for each $i = 1, \ldots, n$ there is a formula $\varphi_i$, such that

$P'_1(\varphi_i) = 1$, $P'_{2,i}(\varphi_i) = 0$

In this situation, we can take as $\varphi$ the formula $\langle a \rangle(\varphi_1 \wedge \ldots \wedge \varphi_n)$. ■

For example, let $P_1$ and $P_2$ be processes (4.13). As stated above, these processes are not strongly equivalent. The following formula can be taken as a justification of the statement that $P_1 \not\sim P_2$.

$\varphi \stackrel{\rm def}{=} \langle a \rangle(\langle b \rangle \top \wedge \langle c \rangle \top)$

It is easy to prove that $P_1(\varphi) = 1$ and $P_2(\varphi) = 0$.
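The logical criterion above can be run on small finite processes. The following Python sketch is an added example, not code from the book: it evaluates formulas of $Fm$ and builds a distinguishing formula along the two cases in the proof of Theorem 1. The tuple encoding of formulas, the function names and the sample processes (constructed to match the description in section 4.2, since the diagram (4.13) is not reproduced here) are assumptions.

```python
from functools import lru_cache

# Constructed transition set holding four small processes with disjoint states.
# Assumption: p0 and q0 follow the description in section 4.2
# (choice after a versus choice made by the first a-transition).
R = frozenset({
    ("p0", "a", "p1"), ("p1", "b", "p2"), ("p1", "c", "p3"),  # a.(b + c)
    ("q0", "a", "q1"), ("q0", "a", "q2"),                      # a.b + a.c
    ("q1", "b", "q3"), ("q2", "c", "q4"),
    ("r0", "a", "r1"),                                         # a
    ("t0", "a", "t1"), ("t0", "a", "t2"),                      # a + a
})
TOP, BOT = ("T",), ("F",)


def out(R, s):
    """Outgoing (action, target) pairs of state s, in a fixed order."""
    return sorted((a, t) for (u, a, t) in R if u == s)


def value(R, s, phi):
    """Value in {0, 1} of formula phi on the process with initial state s."""
    tag = phi[0]
    if tag == "T":
        return 1
    if tag == "F":
        return 0
    if tag == "not":
        return 1 - value(R, s, phi[1])
    if tag == "and":
        return value(R, s, phi[1]) * value(R, s, phi[2])
    if tag == "dia":  # <a>phi: some a-successor satisfies phi
        _, a, sub = phi
        return 1 if any(b == a and value(R, t, sub) == 1 for b, t in out(R, s)) else 0
    raise ValueError("unknown formula tag: %r" % (tag,))


def conj(formulas):
    """Conjunction of a list of formulas; the empty conjunction is T."""
    result = TOP
    for f in formulas:
        result = f if result == TOP else ("and", result, f)
    return result


def distinguish(R, x, y):
    """Return phi with value 1 at x and 0 at y, or None if x and y are strongly equivalent."""
    states = {u for (u, _, _) in R} | {t for (_, _, t) in R}

    @lru_cache(maxsize=None)
    def sep(x, y, k):
        # k bounds the nesting depth of <a>; depth len(states) is enough for finite processes.
        if k == 0:
            return None
        # Some move of x that y cannot match: <a>(conjunction of sub-formulas).
        # If y has no a-transition at all, this is case 1 of the proof: <a>T.
        for a, x1 in out(R, x):
            parts = [sep(x1, y1, k - 1) for b, y1 in out(R, y) if b == a]
            if all(p is not None for p in parts):
                return ("dia", a, conj(parts))
        # Symmetric case: a move of y that x cannot match, negated so it holds at x.
        for a, y1 in out(R, y):
            parts = [sep(y1, x1, k - 1) for b, x1 in out(R, x) if b == a]
            if all(p is not None for p in parts):
                return ("not", ("dia", a, conj(parts)))
        return None

    return sep(x, y, len(states))


if __name__ == "__main__":
    print(distinguish(R, "p0", "q0"))
    print(distinguish(R, "r0", "t0"))
```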

There is a problem of finding, for two given processes $P_1$ and $P_2$, a list of formulas of a smallest size

such that $P_1 \sim P_2$ if and only if

$\forall i = 1, \ldots, n \quad P_1(\varphi_i) = P_2(\varphi_i)$

4.4.2 A criterion of strong equivalence, based on the notion of a bisimulation

Theorem 2.

Let $P_1$ and $P_2$ be a couple of processes of the form

$P_i = (S_i, s_i^0, R_i) \quad (i = 1, 2)$

Then $P_1 \sim P_2$ if and only if there is a relation

satisfying the following conditions.

0. $(s_1^0, s_2^0) \in \mu$.

1. For each pair $(s_1, s_2) \in \mu$ and each transition from $R_1$ of the form



there is a transition from $P_2$ of the form



such that $(s'_1, s'_2) \in \mu$.

2. For each pair $(s_1, s_2) \in \mu$ and each transition from $R_2$ of the form

$s_2 \xrightarrow{a} s'_2$

there is a transition from $R_1$ of the form



such that $(s'_1, s'_2) \in \mu$.

A relation $\mu$, satisfying these conditions, is called a bisimulation (BS) between $P_1$ and $P_2$.

4.5 Algebraic properties of strong equivalence 

Theorem 3.

Strong equivalence is a congruence, i.e., if $P_1 \sim P_2$, then

• for each $a \in Act$: $a.P_1 \sim a.P_2$

• for each process $P$: $P_1 + P \sim P_2 + P$

• for each process $P$: $P_1 \,|\, P \sim P_2 \,|\, P$

• for each $L \subseteq Names$: $P_1 \setminus L \sim P_2 \setminus L$

• for each renaming $f$: $P_1[f] \sim P_2[f]$

Proof.

As it was stated in section 4.4.2, the statement

$P_1 \sim P_2$

is equivalent to the statement that there is a BS $\mu$ between $P_1$ and $P_2$.
Using this $\mu$, we construct a BS for justification of each of the foregoing relationships.

• Let $s^0_{(1)}$ and $s^0_{(2)}$ be initial states of the processes $a.P_1$ and $a.P_2$ respectively.

Then the relation

$\{(s^0_{(1)}, s^0_{(2)})\} \cup \mu$

is a BS between $a.P_1$ and $a.P_2$.

• Let

— $s^0_{(1)}$ and $s^0_{(2)}$ be initial states of $P_1 + P$ and $P_2 + P$ respectively, and

— $S$ be a set of states of the process $P$.

Then

— the relation

$\{(s^0_{(1)}, s^0_{(2)})\} \cup \mu \cup Id_S$

is a BS between $P_1 + P$ and $P_2 + P$, and

— the relation

$\{((s_1, s), (s_2, s)) \mid (s_1, s_2) \in \mu,\ s \in S\}$

is a BS between $P_1 \,|\, P$ and $P_2 \,|\, P$.

• The relation $\mu$ is a BS

— between $P_1 \setminus L$ and $P_2 \setminus L$, and

— between $P_1[f]$ and $P_2[f]$. ■

Theorem 4.

Each process $P = (S, s^0, R)$ has the following properties.

1. $P + 0 \sim P$

2. $P + P \sim P$

Proof.

1. Let $s_0^0$ be an initial state of the process $P + 0$.
Then the relation

$\{(s_0^0, s^0)\} \cup Id_S$

is a BS between $P + 0$ and $P$.

2. By definition of the operation "+", processes in the left side of the statement $P + P \sim P$ should be considered as two disjoint isomorphic copies of $P$ of the form

$P_{(i)} = (S_{(i)}, s^0_{(i)}, R_{(i)}) \quad (i = 1, 2)$

where $S_{(i)} = \{s_{(i)} \mid s \in S\}$.

Let $s_0^0$ be an initial state of the process $P + P$.

Then the relation

$\{(s_0^0, s^0)\} \cup \{(s_{(i)}, s) \mid s \in S,\ i = 1, 2\}$

is a BS between $P + P$ and $P$. ■

Below for

• each process $P = (S, s^0, R)$, and

• each state $s \in S$

we denote by $P(s)$ the process $(S, s, R)$, which is obtained from $P$ by a replacement of an initial state.

Theorem 5.

Let $P = (S, s^0, R)$ be a process, and a set of all its transitions, starting from $s^0$, has the form

$\{ s^0 \xrightarrow{a_i} s^i \mid i = 1, \ldots, n \}$

Then

$P \sim a_1.P_1 + \ldots + a_n.P_n$ (4.16)

where for each $i = 1, \ldots, n$

$P_i \stackrel{\rm def}{=} P(s^i) \stackrel{\rm def}{=} (S, s^i, R)$

Proof.

(4.16) holds because there is a BS between left and right sides of (4.16).

For a construction of this BS we replace all the processes $P_i$ in the right side of (4.16) by their disjoint copies, i.e. we can consider that for each $i = 1, \ldots, n$

the process $P_i$ has the form

$P_i = (S_{(i)}, s^i_{(i)}, R_{(i)})$

where all the sets $S_{(1)}, \ldots, S_{(n)}$ are disjoint, and

a corresponding bijection between $S$ and $S_{(i)}$ maps each state $s \in S$ to a state, denoted by the symbol $s_{(i)}$.

Thus, we can assume that each summand $a_i.P_i$ in the right side of (4.16) has the form



and sets of states of these summands are pairwise disjoint.

According to the definition of the operation +, the right side of (4.16) has the form



BS between left and right sides of (4.16) can be defined, for example, as the relation

$\{(s^0, s_0^0)\} \cup \{(s, s_{(i)}) \mid s \in S,\ i = 1, \ldots, n\}$

Theorem 6 (expansion theorem).

Let $P$ be a process of the form

$P = P_1 \,|\, \ldots \,|\, P_n$ (4.17)

where for each $i \in \{1, \ldots, n\}$ the process $P_i$ has the form

$P_i = \sum_{j=1}^{n_i} a_{ij}.P_{ij}$ (4.18)

Then $P$ is strongly equivalent to a sum of

1. all processes of the form

$a_{ij}.(P_1 \,|\, \ldots \,|\, P_{i-1} \,|\, P_{ij} \,|\, P_{i+1} \,|\, \ldots \,|\, P_n)$ (4.19)

2. and all processes of the form

$\tau.(P_1 \,|\, \ldots \,|\, P_{i-1} \,|\, P_{ik} \,|\, P_{i+1} \,|\, \ldots \,|\, P_{j-1} \,|\, P_{jl} \,|\, P_{j+1} \,|\, \ldots \,|\, P_n)$ (4.20)

where $1 \leq i < j \leq n$, $a_{ik}, a_{jl} \neq \tau$, and $a_{ik} = \overline{a_{jl}}$.

Proof.

By theorem 5, $P$ is strongly equivalent to a sum, each summand of which corresponds to a transition starting from the initial state $s^0$ of the process $P$. For each transition of $P$ of the form



this sum contains the summand $a.P(s)$.

According to (4.18), for each $i = 1, \ldots, n$ the process $P_i$ has the form



where $s_i^0, s_{i1}^0, \ldots, s_{in_i}^0$ are initial states of the processes

$P_i, P_{i1}, \ldots, P_{in_i}$

respectively.
Let

• $S_i$ be a set of states of the process $P_i$, and

• $S_{ij}$ (where $j = 1, \ldots, n_i$) be a set of states of the process $P_{ij}$.

We can assume that $S_i$ is a disjoint union of the form

$S_i = \{s_i^0\} \cup S_{i1} \cup \ldots \cup S_{in_i}$ (4.21)

According to the description of a process of the form (4.17), which is presented in item 2 of section 3.7, we can assume that components of $P$ have the following form.

• A set of states of the process $P$ has the form

$S_1 \times \ldots \times S_n$ (4.22)

• An initial state $s^0$ of $P$ is a list

$(s_1^0, \ldots, s_n^0)$

• Transitions of $P$, starting from its initial state, are as follows.

— Transitions of the form

$s^0 \xrightarrow{a_{ij}} (s_1^0, \ldots, s_{i-1}^0, s_{ij}^0, s_{i+1}^0, \ldots, s_n^0)$ (4.23)

— Transitions of the form

$s^0 \xrightarrow{\tau} (s_1^0, \ldots, s_{i-1}^0, s_{ik}^0, s_{i+1}^0, \ldots, s_{j-1}^0, s_{jl}^0, s_{j+1}^0, \ldots, s_n^0)$ (4.24)

where $1 \leq i < j \leq n$, $a_{ik}, a_{jl} \neq \tau$, and $a_{ik} = \overline{a_{jl}}$.

Thus, there is a one-to-one correspondence between

• the set of transitions of the process $P$, starting from $s^0$, and

• the set of summands of the form (4.19) and (4.20).

For the proof of theorem 6 it is enough to prove that

• for each $i = 1, \ldots, n$, and each $j = 1, \ldots, n_i$ the following equivalence holds:

$P(s_1^0, \ldots, s_{ij}^0, \ldots, s_n^0) \sim (P_1 \,|\, \ldots \,|\, P_{i-1} \,|\, P_{ij} \,|\, P_{i+1} \,|\, \ldots \,|\, P_n)$ (4.25)

• for

— any $i, j$, such that $1 \leq i < j \leq n$, and

— any $k = 1, \ldots, n_i$, $l = 1, \ldots, n_j$

the following equivalence holds:

$P(s_1^0, \ldots, s_{i-1}^0, s_{ik}^0, s_{i+1}^0, \ldots, s_{j-1}^0, s_{jl}^0, s_{j+1}^0, \ldots, s_n^0) \sim (P_1 \,|\, \ldots \,|\, P_{i-1} \,|\, P_{ik} \,|\, P_{i+1} \,|\, \ldots \,|\, P_{j-1} \,|\, P_{jl} \,|\, P_{j+1} \,|\, \ldots \,|\, P_n)$ (4.26)

We shall prove only (4.25) ((4.26) can be proven similarly).

A set of states of the process

$(P_1 \,|\, \ldots \,|\, P_{i-1} \,|\, P_{ij} \,|\, P_{i+1} \,|\, \ldots \,|\, P_n)$ (4.27)

has the form

$S_1 \times \ldots \times S_{ij} \times \ldots \times S_n$ (4.28)

(4.21) implies that $S_{ij} \subseteq S_i$, i.e. set (4.28) is a subset of the set of states of the process

$P(s_1^0, \ldots, s_{i-1}^0, s_{ij}^0, s_{i+1}^0, \ldots, s_n^0)$ (4.29)

We define the desired BS $\mu$ between processes (4.27) and (4.29) as the diagonal relation

$\mu \stackrel{\rm def}{=} \{(s, s) \mid s \in (4.28)\}$

Obviously,

• a pair of initial states of processes (4.27) and (4.29) belongs to $\mu$,

• each transition of the process (4.27) is also a transition of the process



• if a start of some transition of the process (4.29) belongs to the subset (4.28), then the end of this transition also belongs to the subset (4.28) (to substantiate this claim we note that for each transition of $P_i$, if its start belongs to $S_{ij}$, then its end also belongs to $S_{ij}$).

Thus, $\mu$ is a BS, and this proves the claim (4.25). ■

The following theorem is a strengthening of theorem 6. To formulate it, we will use the following notation. If $f : Names \to Names$ is a renaming, then the symbol $f$ denotes also a mapping of the form

$f : Act \to Act$

defined as follows.

• $\forall a \in Names$: $f(a!) = f(a)!$, $f(a?) = f(a)?$

• $f(\tau) \stackrel{\rm def}{=} \tau$


Theorem 7.

Let $P$ be a process of the form

$P = (P_1[f_1] \,|\, \ldots \,|\, P_n[f_n]) \setminus L$

where for each $i \in \{1, \ldots, n\}$

$P_i \sim \sum_{j=1}^{n_i} a_{ij}.P_{ij}$

Then $P$ is strongly equivalent to a sum of



1. all processes of the form 



( ( Pl[/l]l 

• • • I Pi-l[fi-l] | Pijlfi] I Pi+l[fi+l] 

V V ••• \ Pn[fn] 




where $a_{ij} = \tau$ or $name(f_i(a_{ij})) \notin L$, and

2. all processes of the form

$\tau.\big((P_1[f_1] \,|\, \ldots \,|\, P_{i-1}[f_{i-1}] \,|\, P_{ik}[f_i] \,|\, P_{i+1}[f_{i+1}] \,|\, \ldots \,|\, P_{j-1}[f_{j-1}] \,|\, P_{jl}[f_j] \,|\, P_{j+1}[f_{j+1}] \,|\, \ldots \,|\, P_n[f_n]) \setminus L\big)$

where $1 \leq i < j \leq n$, $a_{ik}, a_{jl} \neq \tau$, and $f_i(a_{ik}) = \overline{f_j(a_{jl})}$.

Proof.

This theorem follows directly from

• the previous theorem,

• theorem 3,

• properties 6, 9, 10, 16 and 17 from section I3TTI and 

• the first assertion from theorem HI 



4.6 Recognition of strong equivalence 

4.6.1 Relation $\mu(P_1, P_2)$

Let $P_1$, $P_2$ be a couple of processes of the form

$P_i = (S_i, s_i^0, R_i) \quad (i = 1, 2)$

Define an operator $'$ on the set of all relations from $S_1$ to $S_2$, that maps each relation $\mu \subseteq S_1 \times S_2$ to the relation $\mu' \subseteq S_1 \times S_2$, defined as follows:

$\mu' \stackrel{\rm def}{=} \left\{ (s_1, s_2) \in S_1 \times S_2 \;\middle|\; \forall a \in Act:\ \begin{array}{l} \forall s'_1 \in S_1 : (s_1 \xrightarrow{a} s'_1) \in R_1 \ \Rightarrow\ \exists s'_2 \in S_2 : (s_2 \xrightarrow{a} s'_2) \in R_2,\ (s'_1, s'_2) \in \mu \\ \forall s'_2 \in S_2 : (s_2 \xrightarrow{a} s'_2) \in R_2 \ \Rightarrow\ \exists s'_1 \in S_1 : (s_1 \xrightarrow{a} s'_1) \in R_1,\ (s'_1, s'_2) \in \mu \end{array} \right\}$

It is easy to prove that for each $\mu \subseteq S_1 \times S_2$

$\mu$ satisfies conditions 1 and 2 from the definition of a BS $\ \Leftrightarrow\ \mu \subseteq \mu'$

Consequently,

$\mu$ is a BS between $P_1$ and $P_2$ $\ \Leftrightarrow$



It is easy to prove that the operator $'$ is monotone, i.e.

if $\mu_1 \subseteq \mu_2$, then $\mu'_1 \subseteq \mu'_2$.

Let $\mu_{max}$ be a union of all relations from the set

$\{\mu \subseteq S_1 \times S_2 \mid \mu \subseteq \mu'\}$ (4.30)

Note that the relation $\mu_{max}$ belongs to the set (4.30), since for every $\mu \in$ (4.30) from

• the inclusion $\mu \subseteq \bigcup_{\mu \in (4.30)} \mu = \mu_{max}$, and

• monotonicity of $'$

it follows that for each $\mu \in$ (4.30)

$\mu \subseteq \mu' \subseteq \mu'_{max}$

So $\mu_{max} = \bigcup_{\mu \in (4.30)} \mu \subseteq \mu'_{max}$, i.e. $\mu_{max} \in$ (4.30).

Note that the following equality holds

$\mu_{max} = \mu'_{max}$

because

• the inclusion $\mu_{max} \subseteq \mu'_{max}$, and

• monotonicity of $'$

imply the inclusion

$\mu'_{max} \subseteq \mu''_{max}$

i.e. $\mu'_{max} \in$ (4.30), whence, by virtue of maximality of $\mu_{max}$, we get the inclusion

Thus, the relation $\mu_{max}$ is

• a greatest element of the partially ordered set (4.30) (where a partial order is the relation of inclusion), and

• a greatest fixed point of the operator $'$.

We shall denote this relation by

$\mu(P_1, P_2)$ (4.31)

From theorem 2 it follows that

$P_1 \sim P_2 \ \Leftrightarrow\ (s_1^0, s_2^0) \in \mu(P_1, P_2)$

From the definition of the relation $\mu(P_1, P_2)$ it follows that this relation consists of all pairs $(s_1, s_2) \in S_1 \times S_2$, such that

$P_1(s_1) \sim P_2(s_2)$

The relation $\mu(P_1, P_2)$ can be considered as a similarity measure between $P_1$ and $P_2$.

4.6.2 A polynomial algorithm for recognizing of strong equivalence

Let $P_1$ and $P_2$ be processes of the form

$P_i = (S_i, s_i^0, R_i) \quad (i = 1, 2)$

If the sets $S_1$ and $S_2$ are finite, then the problem of checking of statement

$P_1 \sim P_2$ (4.32)

obviously is algorithmically solvable: for example, you can iterate over all relations $\mu \subseteq S_1 \times S_2$ and for each of them verify conditions 0, 1 and 2 from the definition of BS. The algorithm finishes its work when

• a relation $\mu \subseteq S_1 \times S_2$ is found which satisfies conditions 0, 1 and 2 from the definition of BS; in this case the algorithm gives the answer

$P_1 \sim P_2$

or

• all relations $\mu \subseteq S_1 \times S_2$ are checked, and none of them satisfy conditions 0, 1 and 2 from the definition of BS. In this case, the algorithm gives the answer

$P_1 \not\sim P_2$

If $P_1 \not\sim P_2$, then the above algorithm will give the answer after checking of all relations from $S_1$ to $S_2$, the number of which is

$2^{|S_1| \cdot |S_2|}$

(where for every finite set $S$ we denote by $|S|$ a number of elements of $S$), i.e. this algorithm has exponential complexity.

The problem of checking $P_1 \sim P_2$ can be solved by a more efficient algorithm, which has polynomial complexity. To construct such an algorithm, we consider the following sequence of relations from $S_1$ to $S_2$:

$\{\mu_i \mid i \geq 1\}$ (4.33)

where $\mu_1 = S_1 \times S_2$, and $\forall i \geq 1 \quad \mu_{i+1} = \mu'_i$.
From

• the inclusion $\mu_1 \supseteq \mu_2$, and

• the monotonicity of the operator $'$

it follows that

$\mu_2 = \mu'_1 \supseteq \mu'_2 = \mu_3$
$\mu_3 = \mu'_2 \supseteq \mu'_3 = \mu_4$
etc.

Thus, the sequence (4.33) is monotone:

$\mu_1 \supseteq \mu_2 \supseteq \ldots$

Since all members of sequence (4.33) are subsets of the finite set $S_1 \times S_2$, this sequence cannot decrease infinitely: it will be stabilized at some member, i.e. there is an index $i \geq 1$, such that

$\mu_i = \mu_{i+1} = \mu_{i+2} = \ldots$

We prove that the relation $\mu_i$ (where $i$ is the above index) coincides with the relation $\mu(P_1, P_2)$.

• Since $\mu_i = \mu_{i+1} = \mu'_i$, i.e. $\mu_i$ is a fixed point of the operator $'$, then

$\mu_i \subseteq \mu(P_1, P_2)$ (4.34)

since $\mu(P_1, P_2)$ is the largest fixed point of the operator $'$.

• For each $j \geq 1$ the inclusion

$\mu(P_1, P_2) \subseteq \mu_j$ (4.35)

holds, because

— inclusion (4.35) holds for $j = 1$, and

— if inclusion (4.35) holds for some $j$, then by monotonicity of the operator $'$ the following relations hold:

$\mu(P_1, P_2) = \mu(P_1, P_2)' \subseteq \mu'_j = \mu_{j+1}$

i.e. inclusion (4.35) holds for $j + 1$.
In particular, (4.35) holds for $j = i$.

The equality

$\mu_i = \mu(P_1, P_2)$ (4.36)

follows from (4.34) and (4.35) for $j = i$.

Thus, the problem of checking of the statement $P_1 \sim P_2$ can be solved by

• finding a first member $\mu_i$ of sequence (4.33), which satisfies the condition $\mu_i = \mu_{i+1}$, and

• checking the condition

$(s_1^0, s_2^0) \in \mu_i$ (4.37)

The algorithm gives the answer

$P_1 \sim P_2$

if and only if (4.37) holds.

For a calculation of terms of the sequence (4.33) the following algorithm can be used. This algorithm computes a relation $\mu'$ for a given relation $\mu$.

    μ' := ∅
    loop for each (s1, s2) ∈ μ
        include := ⊤
        loop for each s1', a : s1 –a→ s1'
            found := ⊥
            loop for each s2' : s2 –a→ s2'
                found := found ∨ (s1', s2') ∈ μ
            end of loop
            include := include ∧ found
        end of loop
        loop for each s2', a : s2 –a→ s2'
            found := ⊥
            loop for each s1' : s1 –a→ s1'
                found := found ∨ (s1', s2') ∈ μ
            end of loop
            include := include ∧ found
        end of loop
        if include then μ' := μ' ∪ {(s1, s2)}
    end of loop

Note that this algorithm is correct only when $\mu' \subseteq \mu$ (which occurs in the case when this algorithm is used to calculate terms of the sequence (4.33)). In a general situation the outer loop must have the form

    loop for each (s1, s2) ∈ S1 × S2

Estimate a complexity of the algorithm.
Let $A$ be the number

$\max(|Act(P_1)|, |Act(P_2)|) + 1$

• The outer loop does no more than $|S_1| \cdot |S_2|$ iterations.

• Both loops contained in the external loop make at most $|S_1| \cdot |S_2| \cdot A$ iterations.

Therefore, a complexity of this algorithm can be evaluated as

$O(|S_1|^2 \cdot |S_2|^2 \cdot A)$

Since for a calculation of a member $\mu_i$ of sequence (4.33), on which (4.33) is stabilized, we must calculate not more than $|S_1| \cdot |S_2|$ members of this sequence, then, consequently, the desired relation $\mu_i = \mu(P_1, P_2)$ can be calculated during

$O(|S_1|^3 \cdot |S_2|^3 \cdot A)$

4.7 Minimization of processes 

4.7.1 Properties of relations of the form $\mu(P, P)$

Theorem 8.

For each process $P = (S, s^0, R)$ the relation $\mu(P, P)$ is an equivalence.
Proof.

1. Reflexivity of the relation $\mu(P, P)$ follows from the fact that the diagonal relation

$Id_S = \{(s, s) \mid s \in S\}$

satisfies conditions 1 and 2 from the definition of BS, i.e.

$Id_S \in$ (4.30).

2. Symmetry of the relation $\mu(P, P)$ follows from the fact that if a relation $\mu$ satisfies conditions 1 and 2 from the definition of BS, then the inverse relation $\mu^{-1}$ also satisfies these conditions, that is,

if $\mu \in$ (4.30), then $\mu^{-1} \in$ (4.30).

3. Transitivity of the relation $\mu(P, P)$ follows from the fact that the product

satisfies conditions 1 and 2 from the definition of BS, i.e.

$\mu(P, P) \circ \mu(P, P) \subseteq \mu(P, P)$ ■

Let $P_\sim$ be a process, whose components have the following form.

• Its states are equivalence classes of the set $S$ of states of $P$, corresponding to the equivalence $\mu(P, P)$.

• Its initial state is the class $[s^0]$, which contains the initial state $s^0$ of $P$.

• A set of its transitions consists of all transitions of the form

where $s_1 \xrightarrow{a} s_2$ is an arbitrary transition from $R$.

The process $P_\sim$ is said to be a factor-process of the process $P$ with respect to the equivalence $\mu(P, P)$.

Theorem 9.

For each process $P$ the relation

$\mu \stackrel{\rm def}{=} \{(s, [s]) \mid s \in S\}$

is a BS between $P$ and $P_\sim$.

Proof.

Check the properties 0, 1, 2 from the definition of BS for the relation $\mu$.
Property 0 holds by definition of an initial state of the process $P_\sim$.
Property 1 holds by definition of a set of transitions of $P_\sim$.
Let us prove property 2. Let $P_\sim$ contain a transition

$[s] \xrightarrow{a} [s']$

Prove that there is a transition in $R$ of the form

$s \xrightarrow{a} s''$

such that $(s'', [s']) \in \mu$, i.e. $[s''] = [s']$, i.e.

$(s'', s') \in \mu(P, P)$

From the definition of a set of transitions of the process $P_\sim$ it follows that $R$ contains a transition of the form

$s_1 \xrightarrow{a} s'_1$ (4.38)

where $[s_1] = [s]$ and $[s'_1] = [s']$, i.e.

$(s_1, s) \in \mu(P, P)$ and

Since $\mu(P, P)$ is a BS, then from

• (4.38) $\in P$, and

• $(s_1, s) \in \mu(P, P)$

it follows that $P$ contains a transition of the form

$s \xrightarrow{a} s''_1$ (4.39)

where $(s''_1, s'_1) \in \mu(P, P)$.

Since $\mu(P, P)$ is transitive, then from

$(s''_1, s'_1) \in \mu(P, P)$ and
$(s'_1, s') \in \mu(P, P)$

it follows that

$(s''_1, s') \in \mu(P, P)$

Thus, as the desired state $s''$ the state $s''_1$ can be taken. ■
From theorem 9 it follows that for each process $P$

$P \sim P_\sim$

4.7.2 Minimal processes with respect to $\sim$

A process $P$ is said to be minimal with respect to $\sim$, if

• each of its states is reachable, and

• $\mu(P, P) = Id_S$

(where $S$ is a set of states of $P$).

Below minimal processes with respect to $\sim$ are called simply minimal processes.

Theorem 10.

Let the processes $P_1$ and $P_2$ be minimal, and $P_1 \sim P_2$.
Then $P_1$ and $P_2$ are isomorphic.

Proof.

Suppose that $P_i$ ($i = 1, 2$) has the form $(S_i, s_i^0, R_i)$, and let $\mu \subseteq S_1 \times S_2$ be a BS between $P_1$ and $P_2$.

Since $\mu^{-1}$ is also a BS, and composition of BSs is a BS, then

• $\mu \circ \mu^{-1}$ is a BS between $P_1$ and $P_1$, and

• $\mu^{-1} \circ \mu$ is a BS between $P_2$ and $P_2$

whence, using definition of the relations $\mu(P_i, P_i)$, and the definition of a minimal process, we get the inclusions

$\mu \circ \mu^{-1} \subseteq \mu(P_1, P_1) = Id_{S_1}$
$\mu^{-1} \circ \mu \subseteq \mu(P_2, P_2) = Id_{S_2}$ (4.40)

Prove that the relation $\mu$ is functional, i.e. for each $s \in S_1$ there is a unique element $s' \in S_2$, such that $(s, s') \in \mu$.

• If $s = s_1^0$, then we define $s' \stackrel{\rm def}{=} s_2^0$.

• If $s \neq s_1^0$ then, since every state in $P_1$ is reachable, there is a path in $P_1$ of the form

$s_1^0 \xrightarrow{a_1} \ldots \xrightarrow{a_n} s$

Since $\mu$ is a BS, then there is a path in $P_2$ of the form

$s_2^0 \xrightarrow{a_1} \ldots \xrightarrow{a_n} s'$

and $(s, s') \in \mu$.

Thus, in both cases there is an element $s' \in S_2$, such that $(s, s') \in \mu$.

Let us prove the uniqueness of the element $s'$ with the property $(s, s') \in \mu$.

If there is an element $s'' \in S_2$, such that $(s, s'') \in \mu$, then $(s'', s) \in \mu^{-1}$, which implies

$(s'', s') \in \mu^{-1} \circ \mu = Id_{S_2}$

so $s'' = s'$.

For similar reasons, the relation $\mu^{-1}$ is also functional.

From conditions (4.40) it is easy to deduce bijectivity of the mapping which corresponds to the relation $\mu$. By the definition of BS, this implies that $P_1$ and $P_2$ are isomorphic. ■

Theorem 11.

Let

• a process $P_2$ be obtained from a process $P_1$ by removing of unreachable states, and

• $P_3 = (P_2)_\sim$

Then the process $P_3$ is minimal, and

$P_1 \sim P_2 \sim P_3$

Proof.

Since each state of $P_2$ is reachable, then from the definition of transitions of a factor-process it follows that each state of $P_3$ is also reachable.
Now, we prove that

$\mu(P_3, P_3) = Id_{S_3}$ (4.41)

i.e. suppose that $(s', s'') \in \mu(P_3, P_3)$, and prove that $s' = s''$.

From the definition of a factor-process it follows that there are states $s_1, s_2 \in S_2$, such that

$s' = [s_1]$

$s'' = [s_2]$

Since a composition of BSs is also a BS, then the composition

$\mu(P_2, P_3) \circ \mu(P_3, P_3) \circ \mu(P_3, P_2)$ (4.42)

is a BS between $P_2$ and $P_2$, so

(4.42) $\subseteq \mu(P_2, P_2)$ (4.43)

Since $(s_1, s_2) \in$ (4.42), then, in view of (4.43), we get:

$s' = [s_1] = [s_2] = s''$

In conclusion, we note that

• the statement $P_1 \sim P_2$ is obvious, and

• the statement $P_2 \sim P_3$ follows from theorem 9. ■

4.7.3 An algorithm for minimizing of finite processes

The algorithm described in section 4.6.2 can be used to solve the problem of minimizing of finite processes, which has the following form: for a given finite process $P$ build a process $Q$ with the smallest number of states, which is strongly equivalent to $P$.

To build the process $Q$, first there is constructed a process $P'$, obtained from $P$ by removing of unreachable states. The process $Q$ has the form $P'_\sim$.

A set of states of the process $P'$ can be constructed as follows. Let $P$ have the form

$P = (S, s^0, R)$

Consider the sequence of subsets of the set $S$

$S_0 \subseteq S_1 \subseteq S_2 \subseteq \ldots$ (4.44)

defined as follows.

• $S_0 \stackrel{\rm def}{=} \{s^0\}$

• for each $i \geq 0$ the set $S_{i+1}$ is obtained from $S_i$ by adding all states $s' \in S$, such that

$\exists s \in S_i,\ \exists a \in Act : (s \xrightarrow{a} s') \in R$

Since $S$ is finite, the sequence (4.44) cannot increase infinitely. Let $S_i$ be a member of the sequence (4.44) where this sequence is stabilized. It is obvious that

• all states from $S_i$ are reachable, and

• all states from $S \setminus S_i$ are unreachable.

Therefore, a set of states of the process $P'$ is the set $S_i$.
Let $S'$ be a set of states of the process $P'$.

Note that for a computation of the relation $\mu(P', P')$ it is necessary to calculate no more than $|S'|$ members of sequence (4.33), because

• each relation in the sequence (4.33) is an equivalence (since if a binary relation $\mu$ on the set of states of a process is an equivalence, then the relation $\mu'$ is also an equivalence), and

• — each member of the sequence (4.33) defines a partitioning of the set $S'$, and

— for each $i \geq 1$, if $\mu_i \neq \mu_{i+1}$, then a partitioning corresponding to $\mu_{i+1}$ is a refinement of a partitioning corresponding to $\mu_i$,

and it is easy to show that a number of such refinements is no more than $|S'|$.
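The fixed-point iteration of section 4.6.2 and the minimization procedure of section 4.7.3 can be combined in a short program. The following Python sketch is an added example, not code from the book: a process is a triple (states, initial state, set of transitions), and the function names and the sample processes are assumptions constructed for illustration.

```python
def step(R, s):
    """Outgoing (action, target) pairs of state s."""
    return [(a, t) for (u, a, t) in R if u == s]


def prime(mu, R1, R2):
    """The operator ' of section 4.6.1, applied as in the pseudocode (assumes mu' is a subset of mu)."""
    result = set()
    for (s1, s2) in mu:
        forward = all(any(b == a and (t1, t2) in mu for b, t2 in step(R2, s2))
                      for a, t1 in step(R1, s1))
        backward = all(any(b == a and (t1, t2) in mu for b, t1 in step(R1, s1))
                       for a, t2 in step(R2, s2))
        if forward and backward:
            result.add((s1, s2))
    return result


def mu_max(P1, P2):
    """Greatest fixed point mu(P1, P2): iterate mu_1 = S1 x S2, mu_{i+1} = mu_i'."""
    (S1, _, R1), (S2, _, R2) = P1, P2
    mu = {(s1, s2) for s1 in S1 for s2 in S2}
    while True:
        nxt = prime(mu, R1, R2)
        if nxt == mu:
            return mu
        mu = nxt


def strongly_equivalent(P1, P2):
    """P1 ~ P2 iff the pair of initial states belongs to mu(P1, P2)."""
    return (P1[1], P2[1]) in mu_max(P1, P2)


def reachable(P):
    """Reachable part of P: the sequence S_0, S_1, ... until it stabilizes."""
    S, s0, R = P
    current = {s0}
    while True:
        nxt = current | {t for (u, _, t) in R if u in current}
        if nxt == current:
            break
        current = nxt
    return (current, s0, {(u, a, t) for (u, a, t) in R if u in current})


def minimize(P):
    """Factor-process of the reachable part of P with respect to mu(P', P')."""
    S, s0, R = reachable(P)
    mu = mu_max((S, s0, R), (S, s0, R))
    cls = {s: frozenset(t for t in S if (s, t) in mu) for s in S}
    return (set(cls.values()), cls[s0], {(cls[u], a, cls[t]) for (u, a, t) in R})


# Constructed sample processes (not from the book).
P1 = ({"p0", "p1", "p2", "p3"}, "p0",
      {("p0", "a", "p1"), ("p1", "b", "p2"), ("p1", "c", "p3")})      # a.(b + c)
P2 = ({"q0", "q1", "q2", "q3", "q4"}, "q0",
      {("q0", "a", "q1"), ("q0", "a", "q2"),
       ("q1", "b", "q3"), ("q2", "c", "q4")})                          # a.b + a.c
# a.b + a.b with one extra unreachable state u
P_RED = ({"s0", "s1", "s2", "s3", "s4", "u"}, "s0",
         {("s0", "a", "s1"), ("s0", "a", "s2"),
          ("s1", "b", "s3"), ("s2", "b", "s4"), ("u", "c", "s0")})

if __name__ == "__main__":
    print("P1 ~ P2:", strongly_equivalent(P1, P2))
    Q = minimize(P_RED)
    print("states of minimized process:", len(Q[0]))
```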

Theorem 12.

The process $P'_\sim$ has the smallest number of states among all finite processes that are strongly equivalent to $P$.

Proof.

Let

• $P_1$ be a finite process, such that $P_1 \sim P$, and

• $P'_1$ be a reachable part of $P_1$.

As it was established above,



Since $P \sim P' \sim P'_\sim$ and $P \sim P_1$, then, consequently,

$P'_\sim \sim (P'_1)_\sim$ (4.45)

As it was proved in theorem 11, the processes $P'_\sim$ and $(P'_1)_\sim$ are minimal. From this and from (4.45), by virtue of theorem 10, we get that the processes $P'_\sim$ and $(P'_1)_\sim$ are isomorphic. In particular, they have the same number of states.

Since

• a number of states of the process $(P'_1)_\sim$ does not exceed a number of states of the process $P'_1$ (since states of the process $(P'_1)_\sim$ are classes of a partitioning of the set of states of the process $P'_1$), and

• a number of states of the process $P'_1$ does not exceed a number of states of the process $P_1$ (since a set of states of the process $P'_1$ is a subset of a set of states of the process $P_1$)

then, consequently, a number of states of the process $P'_\sim$ does not exceed a number of states of the process $P_1$. ■

4.8 Observational equivalence 

4.8.1 Definition of observational equivalence 

Another variant of the concept of equivalence of processes is observational
equivalence. This concept is used in those situations where we consider the
internal action $\tau$ as negligible, and consider two traces as the same, if one of
them can be obtained from another by insertions and/or deletions of internal
actions $\tau$.

For a definition of the concept of observational equivalence we introduce
auxiliary notations.

Let P and P' be processes.

1. The notation

$P \xrightarrow{\tau^*} P'$   (4.46)

means that

• either P = P'

• or there is a sequence of processes

$P_1, \ldots, P_n$ $(n \geq 2)$

such that

— $P_1 = P$, $P_n = P'$

— for each $i = 1, \ldots, n-1$

$P_i \xrightarrow{\tau} P_{i+1}$

(4.46) can be interpreted as the statement that the process P may
imperceptibly turn into a process P'.

2. For every action $a \in Act \setminus \{\tau\}$ the notation

$P \xrightarrow{a_\tau} P'$   (4.47)

means that there are processes $P_1$ and $P_2$ with the following properties:

$P \xrightarrow{\tau^*} P_1$, $P_1 \xrightarrow{a} P_2$, $P_2 \xrightarrow{\tau^*} P'$

(4.47) can be interpreted as the statement that the process P may

• execute a sequence of actions, such that

— the action a belongs to this sequence, and

— all other actions in this sequence are internal

and then

• turn into a process P'.

If (4.47) holds, then we say that the process P may

• observably execute the action a, and then

• turn into a process P'.

The concept of observational equivalence is based on the following
understanding of equivalence of processes: if we consider processes $P_1$ and $P_2$ as
equivalent, then they must satisfy the following conditions.

1. • If one of these processes $P_i$ may imperceptibly turn into some
process $P'_i$,

• then another process $P_j$ ($j \in \{1,2\} \setminus \{i\}$) also must be able to
imperceptibly turn into some process $P'_j$, which is equivalent to
$P'_i$.

2. • If one of these processes $P_i$ may

— observably execute some action $a \in Act \setminus \{\tau\}$, and then

— turn into a process $P'_i$

• then the other process $P_j$ ($j \in \{1,2\} \setminus \{i\}$) must be able to

— observably execute the same action a, and then

— turn into a process $P'_j$, which is equivalent to $P'_i$.

Using notations (4.46) and (4.47), the above informally described concept
of observational equivalence can be expressed formally as a binary relation
$\mu$ on the set of all processes, which has the following properties.

(1) If $(P_1, P_2) \in \mu$, and for some process $P'_1$

$P_1 \xrightarrow{\tau} P'_1$   (4.48)

then there is a process $P'_2$, such that

$P_2 \xrightarrow{\tau^*} P'_2$   (4.49)

and

$(P'_1, P'_2) \in \mu$   (4.50)

(2) symmetric property: If $(P_1, P_2) \in \mu$, and for some process $P'_2$

$P_2 \xrightarrow{\tau} P'_2$   (4.51)

then there is a process $P'_1$, such that

$P_1 \xrightarrow{\tau^*} P'_1$   (4.52)

and (4.50).

(3) If $(P_1, P_2) \in \mu$, and for some process $P'_1$

$P_1 \xrightarrow{a} P'_1$   (4.53)

then there is a process $P'_2$, such that

$P_2 \xrightarrow{a_\tau} P'_2$   (4.54)

and (4.50).

(4) symmetric property: If $(P_1, P_2) \in \mu$, and for some process $P'_2$

$P_2 \xrightarrow{a} P'_2$   (4.55)

then there is a process $P'_1$, such that

$P_1 \xrightarrow{a_\tau} P'_1$   (4.56)

and (4.50).

Let $\mathcal{M}_\tau$ be a set of all binary relations on the set of processes, which have
the above properties.

The set $\mathcal{M}_\tau$ is not empty: it contains, for example, the diagonal relation,
which consists of all pairs (P, P), where P is an arbitrary process.

As in the case of strong equivalence, the natural question arises about
what kind of a relationship, within the set $\mathcal{M}_\tau$, can be used for a definition
of the concept of observational equivalence.

Just as in the case of strong equivalence, we offer the following answer
to this question: we will consider $P_1$ and $P_2$ as observationally equivalent if
and only if there is a relation $\mu \in \mathcal{M}_\tau$ that contains the pair $(P_1, P_2)$, i.e.
we define a relation of observational equivalence on the set of all processes
as the union of all relations from $\mathcal{M}_\tau$. This relation is denoted by the symbol
$\approx$.

It is easy to prove that

• $\approx \in \mathcal{M}_\tau$,

• $\approx$ is an equivalence relation, because

— reflexivity of $\approx$ follows from the fact that the diagonal relation
belongs to $\mathcal{M}_\tau$,

— symmetry of $\approx$ follows from the fact that if $\mu \in \mathcal{M}_\tau$, then $\mu^{-1} \in \mathcal{M}_\tau$,

— transitivity of $\approx$ follows from the fact that if $\mu_1 \in \mathcal{M}_\tau$ and $\mu_2 \in \mathcal{M}_\tau$,
then $\mu_1 \circ \mu_2 \in \mathcal{M}_\tau$.

If processes $P_1$ and $P_2$ are observationally equivalent, then this fact is
indicated by

$P_1 \approx P_2$

It is easy to prove that if processes $P_1$ and $P_2$ are strongly equivalent,
then they are observationally equivalent.

4.8.2 Logical criterion of observational equivalence 

A logical criterion of observational equivalence is similar to the analogous
criterion from section 4.4.1. In this criterion the same set Fm
of formulas is used. The notion of a value of a formula on a process differs from the
analogous notion in section 4.4.1 only for formulas of the form $\langle a \rangle \varphi$:

• a value of the formula $\langle \tau \rangle \varphi$ on the process P is equal to

1, if there is a process P' : $P \xrightarrow{\tau^*} P'$, $P'(\varphi) = 1$

0, otherwise

• a value of the formula $\langle a \rangle \varphi$ (where $a \neq \tau$) on P is equal to

1, if there is a process P' : $P \xrightarrow{a_\tau} P'$, $P'(\varphi) = 1$

0, otherwise

For each process P the notation $Th_\tau(P)$ denotes a set of all formulas
which have a value 1 on the process P (with respect to the modified definition
of the notion of a value of a formula on a process).

Theorem 13.

Let $P_1$ and $P_2$ be finite processes. Then

$P_1 \approx P_2 \Leftrightarrow Th_\tau(P_1) = Th_\tau(P_2)$ ■

As in the case of $\sim$, there is a problem of finding for two given processes
$P_1$ and $P_2$ a list of formulas of a smallest size

$\varphi_1, \ldots, \varphi_n$

such that $P_1 \approx P_2$ if and only if

$\forall i = 1, \ldots, n \quad P_1(\varphi_i) = P_2(\varphi_i)$

Using theorem 13 we can easily prove that

for each process P   $P \approx \tau.P$   (4.57)

Note that

• according to (4.57), the following statement holds:

$0 \approx \tau.0$

• however, the statement

$0 + a.0 \approx \tau.0 + a.0$ (where $a \neq \tau$)   (4.58)

does not hold, which is easy to see by considering the graph representation
of the left and right sides of (4.58):

A formula which takes different values on these processes may have,
for example, the following form:

$\neg \langle \tau \rangle \neg \langle a \rangle \top$

Thus, the relation $\approx$ is not a congruence, as it does not preserve the
operation +.

Another example: if $a, b \in Act \setminus \{\tau\}$ and $a \neq b$, then

$a.0 + b.0 \not\approx \tau.a.0 + \tau.b.0$

although $a.0 \approx \tau.a.0$ and $b.0 \approx \tau.b.0$.

A graph representation of these processes has the form

The fact that these processes are not observationally equivalent is
substantiated by the formula

$\langle \tau \rangle \neg \langle a \rangle \top$

4.8.3 A criterion of observational equivalence based on 
the concept of an observational BS 

For the relation $\approx$ there is an analog of the criterion based on the concept
of BS (theorem 2 in section 4.4.2). For its formulation we shall introduce
auxiliary notations.

Let $P = (S, s^0, R)$ be a process, and $s_1$, $s_2$ be a pair of its states. Then

• the notation

$s \xrightarrow{\tau^*} s'$

means that

— either s = s',

— or there is a sequence of states

$s_1, \ldots, s_n$ $(n \geq 2)$

such that $s_1 = s$, $s_n = s'$, and $\forall i = 1, \ldots, n-1$

$(s_i \xrightarrow{\tau} s_{i+1}) \in R$

• the notation

$s \xrightarrow{a_\tau} s'$ (where $a \neq \tau$)

means that there are states $s_1$ and $s_2$, such that

$s \xrightarrow{\tau^*} s_1$, $s_1 \xrightarrow{a} s_2$, $s_2 \xrightarrow{\tau^*} s'$.

Theorem 14.

Let $P_1$ and $P_2$ be processes of the form

$P_i = (S_i, s_i^0, R_i)$ $(i = 1, 2)$

Then $P_1 \approx P_2$ if and only if there is a relation

$\mu \subseteq S_1 \times S_2$

satisfying the following conditions.

0. $(s_1^0, s_2^0) \in \mu$.

1. For each pair $(s_1, s_2) \in \mu$ and each transition from $R_1$ of the form

$s_1 \xrightarrow{\tau} s'_1$

there is a state $s'_2 \in S_2$, such that

$s_2 \xrightarrow{\tau^*} s'_2$

and

$(s'_1, s'_2) \in \mu$   (4.59)

2. For each pair $(s_1, s_2) \in \mu$ and each transition from $R_2$ of the form

$s_2 \xrightarrow{\tau} s'_2$

there is a state $s'_1 \in S_1$, such that

$s_1 \xrightarrow{\tau^*} s'_1$

and (4.59).

3. For each pair $(s_1, s_2) \in \mu$ and each transition from $R_1$ of the form

$s_1 \xrightarrow{a} s'_1$ $(a \neq \tau)$

there is a state $s'_2 \in S_2$, such that

$s_2 \xrightarrow{a_\tau} s'_2$

and (4.59).

4. For each pair $(s_1, s_2) \in \mu$ and each transition from $R_2$ of the form

$s_2 \xrightarrow{a} s'_2$ $(a \neq \tau)$

there is a state $s'_1 \in S_1$, such that

$s_1 \xrightarrow{a_\tau} s'_1$

and (4.59).

A relation $\mu$ satisfying these conditions is called an observational BS
(OBS) between $P_1$ and $P_2$.

4.8.4 Algebraic properties of observational equivalence 
Theorem 15. 

The relation of observational equivalence preserves all operations on processes
except for the operation +, i.e. if $P_1 \approx P_2$, then

• for each $a \in Act$   $a.P_1 \approx a.P_2$

• for each process P   $P_1 | P \approx P_2 | P$

• for each $L \subseteq Names$   $P_1 \setminus L \approx P_2 \setminus L$

• for each renaming f   $P_1[f] \approx P_2[f]$

Proof.

As it was established in section 4.8.3, the statement $P_1 \approx P_2$ is equivalent
to the following statement: there is an OBS $\mu$ between $P_1$ and $P_2$. Using this
$\mu$, we construct OBSs for justification of each of the foregoing statements.

• Let $s^0_{(1)}$ and $s^0_{(2)}$ be initial states of the processes $a.P_1$ and $a.P_2$
respectively.

Then the relation

$\{((s_1, s), (s_2, s)) \mid (s_1, s_2) \in \mu, s \in S\}$

is an OBS between $P_1 | P$ and $P_2 | P$.

• Let S be a set of states of the process P. Then the relation

$\{((s_1, s), (s_2, s)) \mid (s_1, s_2) \in \mu, s \in S\}$

is an OBS between $P_1 | P$ and $P_2 | P$.

• the relation $\mu$ is an OBS

— between $P_1 \setminus L$ and $P_2 \setminus L$, and

— between $P_1[f]$ and $P_2[f]$. ■

4.8.5 Recognition of observational equivalence and minimization
of processes with respect to $\approx$

The problems of

1. recognition for two given finite processes, whether they are
observationally equivalent, and

2. construction for a given finite process P of a process Q that has the
smallest number of states among all processes which are
observationally equivalent to P

can be solved on the basis of a theory that is analogous to the theory contained
in sections 4.6 and 4.7.

We will not explain this theory in detail, because it is analogous to the
theory for the case $\sim$. In this theory, for any pair of processes

$P_i = (S_i, s_i^0, R_i)$ $(i = 1, 2)$

an operator $'_\tau$ on relations from $S_1$ to $S_2$ is also determined, which maps each
relation $\mu \subseteq S_1 \times S_2$ to the relation $\mu'_\tau$, such that

$\mu$ satisfies conditions 1, 2, 3, 4 from the definition of OBS $\Leftrightarrow$ $\mu \subseteq \mu'_\tau$

In particular,

$\mu$ is OBS between $P_1$ and $P_2$

Let $\mu_\tau(P_1, P_2)$ be a union of all relations from the set

$\{\mu \subseteq S_1 \times S_2 \mid \mu \subseteq \mu'_\tau\}$   (4.60)

The relation $\mu_\tau(P_1, P_2)$ is the greatest element (with respect to inclusion)
of the set (4.60), and has the property

$P_1 \approx P_2 \Leftrightarrow (s_1^0, s_2^0) \in \mu_\tau(P_1, P_2)$

From the definition of the relation $\mu_\tau(P_1, P_2)$ it follows that it consists of
all pairs $(s_1, s_2) \in S_1 \times S_2$, such that

$P_1(s_1) \approx P_2(s_2)$

The relation $\mu_\tau(P_1, P_2)$ can be considered as another similarity measure
between $P_1$ and $P_2$.

There is a polynomial algorithm for a computation of the relation $\mu_\tau(P_1, P_2)$.
This algorithm is similar to the corresponding algorithm from section 4.6.2.
For constructing this algorithm the following consideration should be taken
into account. For checking the condition



(where s, s' are states of a process P) it is enough to analyze sequences of 
transitions of the form 



si s 2 



length of which does not exceed a number of states of the process P. 



4.8.6 Other criteria of equivalence of processes 

For proving that processes $P_1$ and $P_2$ are strongly equivalent or
observationally equivalent, the following criteria can be used. In some cases, use of these
criteria for proving an appropriate equivalence between $P_1$ and $P_2$ is much
easier than all other methods.

A binary relation $\mu$ on the set of processes is said to be

• BS (mod $\sim$), if $\mu \subseteq (\sim \mu \sim)'$

• OBS (mod $\sim$), if $\mu \subseteq (\sim \mu \sim)'_\tau$

• OBS (mod $\approx$), if $\mu \subseteq (\approx \mu \approx)'_\tau$

It is easy to prove that

• if $\mu$ is BS (mod $\sim$), then $\mu \subseteq \sim$, and

• if $\mu$ is OBS (mod $\sim$ or mod $\approx$), then $\mu \subseteq \approx$.

Thus, to prove $P_1 \sim P_2$ or $P_1 \approx P_2$ it is enough to find a suitable

• BS (mod $\sim$), or

• OBS (mod $\sim$ or mod $\approx$)

respectively, such that

$(P_1, P_2) \in \mu$

4.9 Observational congruence 

4.9.1 A motivation of the concept of observational congruence

As stated above, a concept of equivalence of processes can be defined not
uniquely. In the previous sections different types of equivalence of processes
have already been considered. Each of these equivalences reflects a certain
point of view on what types of a behavior should be considered as equal.

In addition to these concepts of equivalence of processes, it is possible to
define, for example, such concepts of equivalence, that

• take into account a duration of an execution of actions, i.e., in particular,
one of conditions of equivalence of processes $P_1$ and $P_2$ can be as
follows:

— if one of these processes $P_i$ may, within some period of time,
imperceptibly turn into a process $P'_i$,

— then the other process $P_j$ ($j \in \{1,2\} \setminus \{i\}$) must be able for
approximately the same amount of time to imperceptibly turn into
a process $P'_j$, which is equivalent to $P'_i$

(where the concept of "approximately the same amount of time"
can be clarified in different ways)

• or take into account the property of fairness, i.e. processes can not be
considered as equivalent, if

— one of them is fair, and

— another is not fair

where one of possible definitions of fairness of processes is as follows: a
process is said to be fair if there is no infinite sequence of transitions
of the form

$s_0 \xrightarrow{\tau} s_1 \xrightarrow{\tau} s_2 \xrightarrow{\tau} \ldots$

such that the state $s_0$ is reachable, and for each $i \geq 0$

$Act(s_i) \setminus \{\tau\}$

Note that observational equivalence does not take into account the
property of fairness: there are two processes $P_1$ and $P_2$, such that

— $P_1 \approx P_2$, but

— $P_1$ is fair, and $P_2$ is not fair.

For example

— $P_1 = a.0$, where $a \neq \tau$,

— $P_2 = a.0 \mid \tau^*$, where the process $\tau^*$ has one state and one transition
with a label $\tau$

• etc.

In every particular situation, a decision about which concept of equivalence
of processes is best used essentially depends on the purposes for which
this concept is intended.

In this section we define another kind of equivalence of processes called an
observational congruence. This equivalence is denoted by $\stackrel{+}{\approx}$. We define
this equivalence, based on the following conditions that it must satisfy.

1. Processes that are equivalent with respect to $\stackrel{+}{\approx}$, must be observationally
equivalent.

2. Let

• a process P be constructed as a composition of processes

$P_1, \ldots, P_n$

that uses operations

$a.$, $+$, $|$, $\setminus L$, $[f]$   (4.61)

• and we replace one of components of this composition (for example,
the process $P_i$) by another process $P'_i$, which is equivalent to
$P_i$.

A process which is obtained from P by this replacement, must be
equivalent to the original process P.

It is easy to prove that an equivalence $\mu$ on the set of processes satisfies
the above conditions if and only if

$\begin{cases} \mu \subseteq \approx \\ \mu \text{ is a congruence with respect to operations (4.61)} \end{cases}$   (4.62)

There are several equivalences which satisfy conditions (4.62). For example,

• the diagonal relation (consisting of pairs of the form (P, P)), and

• strong equivalence ($\sim$)

satisfy these conditions.

Below we prove that among all equivalences satisfying conditions (4.62),
there is a greatest equivalence (with respect to inclusion). It is natural to
consider this equivalence as the desired equivalence ($\stackrel{+}{\approx}$).

4.9.2 Definition of a concept of observational congruence

To define a concept of observational congruence, we introduce an auxiliary
notation.

Let P and P' be a couple of processes. The notation

$P \xrightarrow{\tau^+} P'$

means that there is a sequence of processes

$P_1, \ldots, P_n$ $(n \geq 2)$

such that

• $P_1 = P$, $P_n = P'$, and

• for each $i = 1, \ldots, n-1$

$P_i \xrightarrow{\tau} P_{i+1}$

We shall say that processes $P_1$ and $P_2$ are in a relation of observational
congruence and denote this fact by

$P_1 \stackrel{+}{\approx} P_2$

if the following conditions hold.

(0) $P_1 \approx P_2$.

(1) If a process $P'_1$ is such that

$P_1 \xrightarrow{\tau} P'_1$   (4.63)

then there is a process $P'_2$, such that

$P_2 \xrightarrow{\tau^+} P'_2$   (4.64)

and

$P'_1 \approx P'_2$   (4.65)

(2) Symmetrical condition: if a process $P'_2$ is such that

$P_2 \xrightarrow{\tau} P'_2$   (4.66)

then there is a process $P'_1$ such that

$P_1 \xrightarrow{\tau^+} P'_1$   (4.67)

and (4.65).

It is easy to prove that observational congruence is an equivalence relation.

4.9.3 Logical criterion of observational congruence 

A logical criterion of observational congruence of two processes is produced
by a slight modification of the logical criterion of observational
equivalence from section 4.8.2.

A set of formulas $Fm^+$, which is used in this criterion, is an extension
of the set of formulas Fm from section 4.4.2. $Fm^+$ is obtained from Fm by
adding a modal connective $\langle \tau^+ \rangle$.

The set $Fm^+$ is defined as follows.

• Every formula from Fm belongs to $Fm^+$.

• For every formula $\varphi \in Fm$ the string

$\langle \tau^+ \rangle \varphi$

is a formula from $Fm^+$.

For every formula $\varphi \in Fm^+$ and every process P a value of $\varphi$ on P is
denoted by $P(\varphi)$ and is defined as follows.

• If $\varphi \in Fm$, then $P(\varphi)$ is defined as in section 4.8.2.

• If $\varphi = \langle \tau^+ \rangle \psi$, where $\psi \in Fm$, then

1, if there is a process P' :

0, otherwise

For each process P we denote by $Th^+_\tau(P)$ a set of all formulas $\varphi \in Fm^+$,
such that $P(\varphi) = 1$.

Theorem 16.

Let $P_1$ and $P_2$ be finite processes. Then

$P_1 \stackrel{+}{\approx} P_2 \Leftrightarrow Th^+_\tau(P_1) = Th^+_\tau(P_2)$ ■

As in the case of $\sim$ and $\approx$, there is a problem of finding for two given
processes $P_1$ and $P_2$ a list of formulas of a smallest size

$\varphi_1, \ldots, \varphi_n \in Fm^+$

such that $P_1 \stackrel{+}{\approx} P_2$ if and only if

$\forall i = 1, \ldots, n \quad P_1(\varphi_i) = P_2(\varphi_i)$

4.9.4 Criterion of observational congruence based on 
the concept of observational BS 

We shall use the following notation. Let

• P be a process of the form $(S, s^0, R)$, and

• $s_1$, $s_2$ be a pair of states from S.

Then the notation

$s \xrightarrow{\tau^+} s'$

means that there is a sequence of states

$s_1, \ldots, s_n$ $(n \geq 2)$

such that $s_1 = s$, $s_n = s'$, and for each $i = 1, \ldots, n-1$

$(s_i \xrightarrow{\tau} s_{i+1}) \in R$

Theorem 17.

Let $P_1$, $P_2$ be a pair of processes of the form

$P_i = (S_i, s_i^0, R_i)$ $(i = 1, 2)$

The statement $P_1 \stackrel{+}{\approx} P_2$ holds if and only if there is a relation

$\mu \subseteq S_1 \times S_2$

satisfying the following conditions.

0. $\mu$ is an OBS between $P_1$ and $P_2$
(the concept of an OBS is described in section 4.8.3).

1. For each transition from $R_1$ of the form

$s_1^0 \xrightarrow{\tau} s'_1$

there is a state $s'_2 \in S_2$, such that

$s_2^0 \xrightarrow{\tau^+} s'_2$

and

$(s'_1, s'_2) \in \mu$   (4.68)

2. For each transition from $R_2$ of the form

$s_2^0 \xrightarrow{\tau} s'_2$

there exists a state $s'_1 \in S_1$, such that

$s_1^0 \xrightarrow{\tau^+} s'_1$

and (4.68). ■

Below the string $OBS^+$ is an abbreviated notation of the phrase
"an OBS satisfying conditions 1 and 2 of theorem 17".

4.9.5 Algebraic properties of observational congruence 
Theorem 18. 

The observational congruence is a congruence with respect to all operations
on processes, i.e. if $P_1 \stackrel{+}{\approx} P_2$, then

• for each $a \in Act$   $a.P_1 \stackrel{+}{\approx} a.P_2$

• for each process P   $P_1 + P \stackrel{+}{\approx} P_2 + P$

• for each process P   $P_1 | P \stackrel{+}{\approx} P_2 | P$

• for each $L \subseteq Names$   $P_1 \setminus L \stackrel{+}{\approx} P_2 \setminus L$

• for each renaming f   $P_1[f] \stackrel{+}{\approx} P_2[f]$

Proof.

As it was stated in section 4.9.4, the statement $P_1 \stackrel{+}{\approx} P_2$ holds if and only
if there is an $OBS^+$ $\mu$ between $P_1$ and $P_2$. Using this $\mu$, for each of the above
statements we shall justify this statement by construction of a corresponding
$OBS^+$.

• Let $s^0_{(1)}$ and $s^0_{(2)}$ be initial states of the processes $a.P_1$ and $a.P_2$
respectively.

Then the relation

$\{(s^0_{(1)}, s^0_{(2)})\} \cup \mu$

is $OBS^+$ between $a.P_1$ and $a.P_2$

• Let

— $s^0_{(1)}$ and $s^0_{(2)}$ be initial states of $P_1 + P$ and $P_2 + P$ respectively,
and

— S denote a set of states of the process P.

Then the relation

$\{(s^0_{(1)}, s^0_{(2)})\} \cup \mu \cup Id_S$

is $OBS^+$ between $P_1 + P$ and $P_2 + P$.

• Let S be a set of states of the process P. Then the relation

$\{((s_1, s), (s_2, s)) \mid (s_1, s_2) \in \mu, s \in S\}$

is $OBS^+$ between $P_1 | P$ and $P_2 | P$.

• The relation $\mu$ is $OBS^+$

— between $P_1 \setminus L$ and $P_2 \setminus L$, and

— between $P_1[f]$ and $P_2[f]$. ■

Theorem 19.

For any processes $P_1$ and $P_2$

$P_1 \approx P_2 \Leftrightarrow \begin{cases} P_1 \stackrel{+}{\approx} P_2 \text{ or} \\ P_1 \stackrel{+}{\approx} \tau.P_2 \text{ or} \\ \tau.P_1 \stackrel{+}{\approx} P_2 \end{cases}$

Proof.

The implication "$\Leftarrow$" follows from

• the inclusion $\stackrel{+}{\approx} \subseteq \approx$, and

• the fact that

for any process P   $P \approx \tau.P$   (4.69)

Prove the implication "$\Rightarrow$". Suppose

$P_1 \approx P_2$   (4.70)

and

it is not true that $P_1 \stackrel{+}{\approx} P_2$   (4.71)

(4.71) can occur, for example, in the following case:

there is a process $P'_1$, such that
$P_1 \xrightarrow{\tau} P'_1$   (4.72)

and

there is no process $P'_2 \approx P'_1$,
such that $P_2 \xrightarrow{\tau^+} P'_2$   (4.73)

We shall prove that in this case

$P_1 \stackrel{+}{\approx} \tau.P_2$

According to the definition of observational congruence, we must prove
that conditions (0), (1) and (2) from this definition are satisfied.

(0) : $P_1 \approx \tau.P_2$.

This condition follows from (4.70) and (4.69).

(1) : if there is a process $P'_1$ such that

$P_1 \xrightarrow{\tau} P'_1$   (4.74)

then there is a process $P'_2 \approx P'_1$ such that

$\tau.P_2 \xrightarrow{\tau^+} P'_2$   (4.75)

From (4.70), (4.74), and from the definition of observational equivalence
it follows that there is a process $P'_2 \approx P'_1$ such that

$P_2 \xrightarrow{\tau^*} P'_2$   (4.76)

(4.75) follows from $\tau.P_2 \xrightarrow{\tau} P_2$ and (4.76).

(2) : if there is a process $P'_2$ such that

$\tau.P_2 \xrightarrow{\tau} P'_2$   (4.77)

then there is a process $P'_1 \approx P'_2$ such that

$P_1 \xrightarrow{\tau^+} P'_1$

From the definition of the operation of prefix actions and from (4.77)
we get the equality

Thus, we must prove that

for some process $P'_1 \approx P_2$,
the formula $P_1 \xrightarrow{\tau^+} P'_1$ holds   (4.78)

Let $P'_1$ be the process that is referred to in the assumption (4.72). From the
assumption (4.70) we get

there is a process $P'_2 \approx P'_1$,
such that $P_2 \xrightarrow{\tau^*} P'_2$   (4.79)

Comparing (4.79) and (4.73), we get the equality $P'_2 = P_2$, i.e., we have
proved (4.78).

(4.71) may be true also for the reason that

• there is a process $P'_2$ such that $P_2 \xrightarrow{\tau} P'_2$, and

• there is no process $P'_1 \approx P'_2$, such that

$P_1 \xrightarrow{\tau^+} P'_1$

In this case, by similar reasoning it can be proven that

$\tau.P_1 \stackrel{+}{\approx} P_2$ ■

Theorem 20. 

The relation $\stackrel{+}{\approx}$ coincides with the relation

$\{(P_1, P_2) \mid \forall P \quad P_1 + P \approx P_2 + P\}$   (4.80)

Proof.

The inclusion $\stackrel{+}{\approx} \subseteq$ (4.80) follows from the fact that

• $\stackrel{+}{\approx}$ is a congruence (i.e., in particular, $\stackrel{+}{\approx}$ preserves the operation "+"),
and

• $\stackrel{+}{\approx} \subseteq \approx$

Prove the inclusion

(4.80) $\subseteq \stackrel{+}{\approx}$

Let $(P_1, P_2) \in$ (4.80).

Since for each process P the following statement holds

$P_1 + P \approx P_2 + P$   (4.81)

then, setting in (4.81) $P = 0$, we get

$P_1 + 0 \approx P_2 + 0$   (4.82)

Since

• for each process P the following statement holds:

$P + 0 \sim P$

• and, furthermore, $\sim \subseteq \approx$

then from (4.82) we get

$P_1 \approx P_2$   (4.83)

If it is not true that $P_1 \stackrel{+}{\approx} P_2$, then from (4.83) by theorem 19
we get that

• either $P_1 \stackrel{+}{\approx} \tau.P_2$,

• or $\tau.P_1 \stackrel{+}{\approx} P_2$

Consider, for example, the case

$P_1 \stackrel{+}{\approx} \tau.P_2$   (4.84)

(the other case is considered analogously).

Since $\stackrel{+}{\approx}$ is a congruence, then from (4.84) it follows that for any process P

$P_1 + P \stackrel{+}{\approx} \tau.P_2 + P$   (4.85)

From

• (4.81), (4.85), and

• the inclusion $\stackrel{+}{\approx} \subseteq \approx$

it follows that for any process P

$P_2 + P \approx \tau.P_2 + P$   (4.86)

Prove that

$P_2 \stackrel{+}{\approx} \tau.P_2$   (4.87)

(4.87) is equivalent to the following statement: there is a process $P'_2 \approx P_2$, such
that

$P_2 \xrightarrow{\tau^+} P'_2$   (4.88)

Since the set Names is infinite (by an assumption from section 2.3), then
there is an action $b \in Act \setminus \{\tau\}$, which does not occur in $P_2$.

Statement (4.86) must be true in the case when P has the form b.0, i.e.
the following statement must be true:

$P_2 + b.0 \approx \tau.P_2 + b.0$   (4.89)

Since

$\tau.P_2 + b.0 \xrightarrow{\tau} P_2$

then

• from (4.89), and

• from the definition of the relation $\approx$

it follows that there is a process $P'_2 \approx P_2$ such that

$P_2 + b.0 \xrightarrow{\tau^*} P'_2$   (4.90)

The case $P_2 + b.0 = P'_2$ is impossible, because

• the left side of this equality does contain the action b, and

• the right side of this equality does not contain the action b.

Consequently, by (4.90), we get the statement

$P_2 + b.0 \xrightarrow{\tau^+} P'_2$   (4.91)

From the definition of the operation +, it follows that (4.91) is possible
if and only if (4.88) holds.

Thus, we have proved that there is a process $P'_2 \approx P_2$ such that (4.88)
holds, i.e. we have proved (4.87).

(4.84) and (4.87) imply that $P_1 \stackrel{+}{\approx} P_2$. ■
Theorem 21.

$\stackrel{+}{\approx}$ is the greatest congruence contained in $\approx$, i.e. for each congruence $\nu$
on the set of all processes the following implication holds:

$\nu \subseteq \approx \Rightarrow \nu \subseteq \stackrel{+}{\approx}$

Proof.

Prove that if $(P_1, P_2) \in \nu$, then $P_1 \stackrel{+}{\approx} P_2$.

Let $(P_1, P_2) \in \nu$. Since $\nu$ is a congruence, then

for each process P   $(P_1 + P, P_2 + P) \in \nu$   (4.92)

If $\nu \subseteq \approx$, then from (4.92) it follows that

for each process P   $P_1 + P \approx P_2 + P$   (4.93)

According to theorem 20, (4.93) implies that $P_1 \stackrel{+}{\approx} P_2$. ■

Theorem 22.

The relations $\sim$, $\approx$ and $\stackrel{+}{\approx}$ have the following property:

$\sim \subseteq \stackrel{+}{\approx} \subseteq \approx$   (4.94)

Proof.

The inclusion $\stackrel{+}{\approx} \subseteq \approx$ holds by definition of $\stackrel{+}{\approx}$.
The inclusion $\sim \subseteq \stackrel{+}{\approx}$ follows from

• the inclusion $\sim \subseteq \approx$, and

• from the fact that if processes $P_1$, $P_2$ are such that

$P_1 \sim P_2$

then this pair of processes satisfies conditions from the definition of the
relation $\stackrel{+}{\approx}$. ■

Note that both inclusions in (4.94) are proper:

• $a.\tau.0 \not\sim a.0$, but $a.\tau.0 \stackrel{+}{\approx} a.0$

• $\tau.0 \not\stackrel{+}{\approx} 0$, but $\tau.0 \approx 0$
Theorem 23.

1. If $P_1 \approx P_2$, then for each $a \in Act$

$a.P_1 \stackrel{+}{\approx} a.P_2$

In particular, for each process P

$a.\tau.P \stackrel{+}{\approx} a.P$   (4.95)

2. For any process P

$P + \tau.P \stackrel{+}{\approx} \tau.P$   (4.96)

3. For any processes $P_1$ and $P_2$, and any $a \in Act$

$a.(P_1 + \tau.P_2) + a.P_2 \stackrel{+}{\approx} a.(P_1 + \tau.P_2)$   (4.97)

4. For any processes $P_1$ and $P_2$

$P_1 + \tau.(P_1 + P_2) \stackrel{+}{\approx} \tau.(P_1 + P_2)$   (4.98)

Proof.

For each of the above statements we shall construct an $OBS^+$ between its
left and right sides.

1. As it was stated in theorem 14 (section 4.8.3), the statement $P_1 \approx P_2$
is equivalent to the statement that there is an OBS $\mu$ between $P_1$ and
$P_2$.

Let $s^0_{(1)}$ and $s^0_{(2)}$ be initial states of the processes $a.P_1$ and $a.P_2$
respectively.

Then the relation

is an $OBS^+$ between $a.P_1$ and $a.P_2$.

(4.95) follows from

• the above statement, and

• the statement $\tau.P \approx P$, which holds according to (4.57).

2. Let P have the form

$P = (S, s^0, R)$

and let $S_{(1)}$, $S_{(2)}$ be duplicates of the set S in the processes P and $\tau.P$
respectively, which are contained in the left side of the statement (4.96).
Elements of these duplicates will be denoted by $s_{(1)}$ and $s_{(2)}$ respectively,
where s is an arbitrary element of the set S.

Let $s^0_l$ and $s^0_r$ be initial states of the processes in the left and right sides
of (4.96) respectively. Then the relation

$\{(s^0_l, s^0_r)\} \cup \{(s_{(i)}, s) \mid s \in S, i = 1, 2\}$

is $OBS^+$ between left and right sides of the statement (4.96).

3. Let $P_i = (S_i, s_i^0, R_i)$ $(i = 1, 2)$. We can assume that $S_1 \cap S_2 = \emptyset$. Let

• $s^0$ be an initial state of the process

$P_1 + \tau.P_2$   (4.99)

• $s^0$ be an initial state of the process

$a.(P_1 + \tau.P_2)$   (4.100)

Note that (4.100) coincides with the right side of (4.97).

The left side of (4.97) is strongly equivalent to the process P', which is
obtained from (4.100) by adding the transition

Q _ . «° 

it is easy to make sure of this by considering the graph representation
of the process P', which has the form

It is easy to prove that the process P' is observationally congruent
to the process (4.100). The sets of states of these processes can be
considered as duplicates $S_{(1)}$ and $S_{(2)}$ of one and the same set S, and
$OBS^+$ between P' and (4.100) has the form

$\{(s_{(1)}, s_{(2)}) \mid s \in S\}$   (4.101)

Since

• according to theorem 22 we have the inclusion $\sim \subseteq \stackrel{+}{\approx}$, and

• (4.100) coincides with the right part of (4.97).

then we have proved that the left and right sides of the statement (4.97)
are observationally congruent. ■

4. Reasonings in this case are similar to the reasonings in the previous
case. We will not explain them in detail, only note that

• the left part of the statement (4.98) is strongly equivalent to the
process P', which has the following graph representation:

where

— $s_1^0$ and $s_2^0$ are initial states of the processes $P_1$ and $P_2$, and

— $s_{12}^0$ is an initial state of the process $P_1 + P_2$

• the right part of the statement (4.98) (which we denote by P'') is
obtained from P' by removing transitions of the form

It is easy to prove that $P' \stackrel{+}{\approx} P''$. Sets of states of these processes can
be considered as duplicates $S_{(1)}$ and $S_{(2)}$ of one and the same set S,
and $OBS^+$ between P' and P'' has the form (4.101). ■

4.9.6 Recognition of observational congruence

To solve the problem of recognition for two given finite processes, whether
they are observationally congruent, the following theorem can be used.

Theorem 24.

Let $P_1$ and $P_2$ be finite processes. The statement

$P_1 \stackrel{+}{\approx} P_2$

holds if and only if

$(s_1^0, s_2^0) \in \mu_\tau(P_1, P_2)$

$\mu_\tau(P_1, P_2)$ is an $OBS^+$
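
The recognition procedures of sections 4.8.5 and 4.9.6 can be run directly on small finite processes. The following Python sketch is an added example, not code from the book: it computes the greatest relation satisfying conditions 1-4 of the OBS definition by iterated refinement and then applies the check of theorem 24. The tuple encoding of processes, the label "tau" for the internal action, and all function and constant names are assumptions of this example.

```python
TAU = "tau"  # assumed label for the internal action

def proc(init, *trans):
    """Build a finite process (S, s0, R) from an initial state and transitions."""
    states = {init} | {s for (src, _, dst) in trans for s in (src, dst)}
    return (states, init, set(trans))

def step(p, sources, act):
    """Targets of single transitions labelled act that leave a state in sources."""
    return {dst for (src, a, dst) in p[2] if src in sources and a == act}

def tau_star(p, s):
    """States reachable from s by zero or more internal transitions."""
    seen, stack = {s}, [s]
    while stack:
        for nxt in step(p, {stack.pop()}, TAU):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen

def weak_succ(p, s, act):
    """tau* targets of s if act is TAU, otherwise tau* act tau* targets of s."""
    before = tau_star(p, s)
    if act == TAU:
        return before
    after = set()
    for mid in step(p, before, act):
        after |= tau_star(p, mid)
    return after

def tau_plus(p, s):
    """States reachable from s by one or more internal transitions."""
    out = set()
    for mid in step(p, {s}, TAU):
        out |= tau_star(p, mid)
    return out

def greatest_obs(p1, p2):
    """Greatest relation on S1 x S2 satisfying conditions 1-4 of theorem 14."""
    mu = {(s1, s2) for s1 in p1[0] for s2 in p2[0]}
    changed = True
    while changed:
        changed = False
        for (s1, s2) in list(mu):
            # every move of s1 must be matched weakly by s2, and vice versa
            ok = all(any((d, t) in mu for t in weak_succ(p2, s2, a))
                     for (src, a, d) in p1[2] if src == s1)
            ok = ok and all(any((t, d) in mu for t in weak_succ(p1, s1, a))
                            for (src, a, d) in p2[2] if src == s2)
            if not ok:
                mu.discard((s1, s2))
                changed = True
    return mu

def observationally_equivalent(p1, p2):
    return (p1[1], p2[1]) in greatest_obs(p1, p2)

def observationally_congruent(p1, p2):
    """Theorem 24: initial pair in the greatest OBS, plus conditions 1-2 of theorem 17."""
    mu, i1, i2 = greatest_obs(p1, p2), p1[1], p2[1]
    if (i1, i2) not in mu:
        return False
    left = all(any((d, t) in mu for t in tau_plus(p2, i2))
               for d in step(p1, {i1}, TAU))
    right = all(any((t, d) in mu for t in tau_plus(p1, i1))
                for d in step(p2, {i2}, TAU))
    return left and right

# Constructed sample processes, taken from the examples of sections 4.8.2 and 4.9.5.
NIL = proc(0)                                          # 0
TAU_NIL = proc(0, (0, TAU, 1))                         # tau.0
A = proc(0, (0, "a", 1))                               # a.0, same graph as 0 + a.0
TAU_NIL_PLUS_A = proc(0, (0, TAU, 1), (0, "a", 2))     # tau.0 + a.0
A_PLUS_B = proc(0, (0, "a", 1), (0, "b", 2))           # a.0 + b.0
TAU_A_PLUS_TAU_B = proc(0, (0, TAU, 1), (0, TAU, 2),
                        (1, "a", 3), (2, "b", 4))      # tau.a.0 + tau.b.0
A_TAU = proc(0, (0, "a", 1), (1, TAU, 2))              # a.tau.0

if __name__ == "__main__":
    pairs = [("tau.0", TAU_NIL, "0", NIL),
             ("0 + a.0", A, "tau.0 + a.0", TAU_NIL_PLUS_A),
             ("a.0 + b.0", A_PLUS_B, "tau.a.0 + tau.b.0", TAU_A_PLUS_TAU_B),
             ("a.tau.0", A_TAU, "a.0", A)]
    for (n1, p1, n2, p2) in pairs:
        print(n1, "vs", n2, "| equivalent:", observationally_equivalent(p1, p2),
              "| congruent:", observationally_congruent(p1, p2))
```

The refinement loop removes at least one pair per pass, so it stops after at most |S1|·|S2| passes.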

4.9.7 Minimization of processes with respect to observational
congruence

To solve the problem of minimizing finite processes with respect to
observational congruence the following theorems can be used.

Theorem 25.

Let $P = (S, s^0, R)$ be a process.

Define a factor-process $P_\approx$ of the process P with respect to the
equivalence $\mu_\tau(P, P)$, as a process with the following components.

• States of $P_\approx$ are equivalence classes of the set S with respect to the
equivalence $\mu_\tau(P, P)$.

• An initial state of $P_\approx$ is the class $[s^0]$.

• Transitions of the process $P_\approx$ have the form

$[s_1] \xrightarrow{a} [s_2]$

where $s_1 \xrightarrow{a} s_2$ is an arbitrary transition from R.
Then P«(P„). ■ 

Theorem 26. 

Let P' be a process which is obtained from a process P by removing of 
unreachable states. Then PL has the smallest number of states among all 
processes that are observationally congruent to P. ■

Chapter 5

Recursive definitions of
processes

In some cases, it is more convenient to describe a process by a recursive
definition, instead of an explicit description of sets of its states and transitions.
In the present chapter we introduce a method of description of processes by
recursive definitions.

5.1 Process expressions 

In order to formulate a notion of recursive description of a process we intro- 
duce a notion of a process expression. 

A set PE of process expressions (PE) is defined inductively, i.e. we 
define 

• elementary PEs, and 

• rules for constructing new PEs from existing ones. 
Elementary PEs have the following form. 

process constants: 

We assume that there is given a countable set of process constants, 
and each of them is associated with a certain process, which is called 
a value of this constant. 

Each process constant is a PE. 

There is a process constant, whose value is the empty process 0. This 
constant is denoted by the same symbol 0. 

process names: 

We assume that there is given a countable set of process names, and 
each process name is a PE. 

Rules for constructing new PEs from existing ones have the following 
form. 

prefix action: 

For each $a \in Act$ and each PE $P$ the string $a.P$ is a PE. 

choice: 

For any pair of PEs $P_1$, $P_2$ the string $P_1 + P_2$ is a PE. 

parallel composition: 

For any pair of PEs $P_1$, $P_2$ the string $P_1 \mid P_2$ is a PE. 

restriction: 

For each subset $L \subseteq Names$ and each PE $P$ the string $P \setminus L$ is a PE. 

renaming: 

For each renaming $f$ and each PE $P$ the string $P[f]$ is a PE. 

5.2 A notion of a recursive definition of processes 

A recursive definition (RD) of processes is a list of formal equations of 
the form 




where 

• $A_1, \ldots, A_n$ are different process names, and 

• $P_1, \ldots, P_n$ are PEs, satisfying the following condition: for every $i = 1, \ldots, n$ each process name, which has an occurrence in $P_i$, coincides with one of the names $A_1, \ldots, A_n$. 

We shall assume that for each process name $A$ there is a unique RD such that $A$ has an occurrence in this RD. 

In section 5.5 we define a correspondence, which associates with each PE $P$ some process $[P]$. To define this correspondence, we shall give first 

• a notion of an embedding of processes, and 

• a notion of a limit of a sequence of embedded processes. 

5.3 Embedding of processes 

Let $P_1$ and $P_2$ be processes of the form 

$P_i = (S_i, s_i^0, R_i)$ $(i = 1, 2)$ (5.2) 

The process $P_1$ is said to be embedded to the process $P_2$, if there is an injective mapping $f : S_1 \to S_2$, such that 

• $f(s_1^0) = s_2^0$, and 

• for any $s', s'' \in S_1$ and any $a \in Act$ 

$(s' \xrightarrow{a} s'') \in R_1 \;\Leftrightarrow\; (f(s') \xrightarrow{a} f(s'')) \in R_2$ 

For each pair of processes $P_1$, $P_2$ the notation 

$P_1 \hookrightarrow P_2$ 

is an abridged notation of the statement that $P_1$ is embedded to $P_2$. 

If the processes $P_1$ and $P_2$ have the form (5.2), and $P_1 \hookrightarrow P_2$, then we can identify $P_1$ with its image in $P_2$, i.e. we can assume that 

• $S_1 \subseteq S_2$ 

• $s_1^0 = s_2^0$ 

• $R_1 \subseteq R_2$. 

Theorem 27. Let $P_1 \hookrightarrow P_2$. Then 

• $a.P_1 \hookrightarrow a.P_2$ 

• $P_1 + P \hookrightarrow P_2 + P$ 

• $P_1 \mid P \hookrightarrow P_2 \mid P$ 

• $P_1 \setminus L \hookrightarrow P_2 \setminus L$ 

• $P_1[f] \hookrightarrow P_2[f]$. ■ 

Below we consider expressions which are built from 

• processes, and 

• symbols of operations on processes ($a.$, $+$, $\mid$, $\setminus L$, $[f]$). 

We call such expressions expressions over processes. For each expression over processes there is defined a process which is a value of this expression. In the following reasoning we shall denote an expression over processes and its value by the same symbol. 

Theorem 28 . 

Let 

• P be an expression over processes, 

• $P_1, \ldots, P_n$ be a list of all processes occurring in $P$, 

• $P'_1, \ldots, P'_n$ be a list of processes such that 

$\forall i = 1, \ldots, n \quad P_i \hookrightarrow P'_i$ 

• $P'$ be an expression which is obtained from $P$ by replacing, for each $i = 1, \ldots, n$, each occurrence of the process $P_i$ with the corresponding process $P'_i$. 

Then $P \hookrightarrow P'$. 

Proof. 

This theorem is proved by induction on the structure of the expression $P$. We prove that for each subexpression $Q$ of the expression $P$ 

$Q \hookrightarrow Q'$ (5.3) 

where $Q'$ is the subexpression of the expression $P'$ which corresponds to the subexpression $Q$. 

base of induction: 

If $Q = P_i$, then $Q' = P'_i$, and (5.3) holds by assumption. 

inductive step: 

From theorem 27 it follows that for each subexpression $Q$ of the expression $P$ the following implication holds: if for each proper subexpression $Q_i$ of $Q$ the following statement holds 

$Q_i \hookrightarrow Q'_i$ 

then (5.3) holds. 

Thus, (5.3) holds for each subexpression $Q$ of $P$. In particular, (5.3) holds for $P$. ■ 

5.4 A limit of a sequence of embedded processes 

Let $\{P_k \mid k \ge 0\}$ be a sequence of processes, such that 

$\forall k \ge 0 \quad P_k \hookrightarrow P_{k+1}$ (5.4) 

A sequence $\{P_k \mid k \ge 0\}$ satisfying condition (5.4) is called a sequence of embedded processes. 

Define a process $\lim_{k \to \infty} P_k$, which is called a limit of the sequence of embedded processes $\{P_k \mid k \ge 0\}$. 

Let the processes $P_k$ $(k \ge 0)$ have the form 

$P_k = (S_k, s_k^0, R_k)$ 

On the reason of (5.4), we can assume that $\forall k \ge 0$ 

• $S_k \subseteq S_{k+1}$ 

• $s_k^0 = s_{k+1}^0$ 

• $R_k \subseteq R_{k+1}$ 

i.e. the components of the processes $P_k$ $(k \ge 0)$ have the following properties: 

• $S_0 \subseteq S_1 \subseteq S_2 \subseteq \ldots$ 

• $s_0^0 = s_1^0 = s_2^0 = \ldots$ 

• $R_0 \subseteq R_1 \subseteq R_2 \subseteq \ldots$ 

The process $\lim_{k \to \infty} P_k$ has the form 

$\Big( \bigcup_{k \ge 0} S_k,\; s_0^0,\; \bigcup_{k \ge 0} R_k \Big)$ 

It is easy to prove that for each $k \ge 0$ 

$P_k \hookrightarrow \lim_{k \to \infty} P_k$ 

Theorem 29. 

Let $\{P_k \mid k \ge 0\}$ and $\{Q_k \mid k \ge 0\}$ be sequences of embedded processes. Then 

• $\lim_{k \to \infty} (a.P_k) = a.(\lim_{k \to \infty} P_k)$ 

• $\lim_{k \to \infty} (P_k + Q_k) = (\lim_{k \to \infty} P_k) + (\lim_{k \to \infty} Q_k)$ 

• $\lim_{k \to \infty} (P_k \mid Q_k) = (\lim_{k \to \infty} P_k) \mid (\lim_{k \to \infty} Q_k)$ 

• $\lim_{k \to \infty} (P_k \setminus L) = (\lim_{k \to \infty} P_k) \setminus L$ 

• $\lim_{k \to \infty} (P_k[f]) = (\lim_{k \to \infty} P_k)[f]$ ■ 

Let 

• P be a PE, 

• $A_1, \ldots, A_n$ be a list of all process names occurring in $P$. 

Then for every $n$-tuple of processes $P_1, \ldots, P_n$ the notation 

$P(P_1/A_1, \ldots, P_n/A_n)$ 

denotes an expression over processes (as well as its value) obtained from $P$ by replacing, for each $i = 1, \ldots, n$, each occurrence of the process name $A_i$ with the corresponding process $P_i$. 

Theorem 30. 

Let 
• $P$ be a PE, and 

• $A_1, \ldots, A_n$ be a list of all process names occurring in $P$. 

Then for every list of sequences of embedded processes of the form 

$\{P_1^{(k)} \mid k \ge 0\}, \;\ldots,\; \{P_n^{(k)} \mid k \ge 0\}$ 

the following equality holds: 

$P\big((\lim_{k \to \infty} P_1^{(k)})/A_1, \ldots, (\lim_{k \to \infty} P_n^{(k)})/A_n\big) = \lim_{k \to \infty} P\big(P_1^{(k)}/A_1, \ldots, P_n^{(k)}/A_n\big)$ 

Proof. 

This theorem is proved by induction on the structure of the PE $P$, using theorem 29. ■ 

5.5 Processes defined by process expressions 

In this section we describe a rule which associates with each PE P a process 
[P], which is defined by this PE. 

If P is a process constant, then [P] is a value of this constant. 

If P has one of the following forms 

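$a.P_1, \quad P_1 + P_2, \quad P_1 \mid P_2, \quad P_1 \setminus L, \quad P_1[f]$ 

then $[P]$ is a result of applying the corresponding operation to the process $P_1$ or to the pair of processes $(P_1, P_2)$, i.e. 

$[a.P_1] \stackrel{\text{def}}{=} a.[P_1]$ 

$[P_1 + P_2] \stackrel{\text{def}}{=} [P_1] + [P_2]$ 

$[P_1 \mid P_2] \stackrel{\text{def}}{=} [P_1] \mid [P_2]$ 

$[P_1 \setminus L] \stackrel{\text{def}}{=} [P_1] \setminus L$ 

$[P_1[f]] \stackrel{\text{def}}{=} [P_1][f]$ 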

We now describe a rule that associates processes with process names. 
Let $\{A_i = P_i \mid i = 1, \ldots, n\}$ be a RD. 

Define a sequence of lists of processes 

$\{(P_1^{(k)}, \ldots, P_n^{(k)}) \mid k \ge 0\}$ (5.5) 

as follows: 

if the processes $P_1^{(k)}, \ldots, P_n^{(k)}$ are already defined, then for each $i = 1, \ldots, n$ 

$P_i^{(k+1)} = P_i(P_1^{(k)}/A_1, \ldots, P_n^{(k)}/A_n)$ 

We prove that for each $k \ge 0$ and each $i = 1, \ldots, n$ 

The proof will proceed by induction on $k$. 

base of induction: 

If $k = 0$, then by definition $P_i^{(0)}$ coincides with the process 0, which can be embedded in any process. 

inductive step: 

Suppose that for each $i = 1, \ldots, n$ $P_i^{(k-1)} \hookrightarrow P_i^{(k)}$. 

By definition of the processes from the set (5.5), the following equalities hold: 

$P_i^{(k)} = P_i(P_1^{(k-1)}/A_1, \ldots, P_n^{(k-1)}/A_n)$ 

$P_i^{(k+1)} = P_i(P_1^{(k)}/A_1, \ldots, P_n^{(k)}/A_n)$ 

The statement $P_i^{(k)} \hookrightarrow P_i^{(k+1)}$ follows from theorem 28. ■ 

Define for each $i = 1, \ldots, n$ the process $[A_i]$ as the limit 

$[A_i] \stackrel{\text{def}}{=} \lim_{k \to \infty} P_i^{(k)}$ 

From theorem 30 it follows that for each $i = 1, \ldots, n$ the following chain of equalities holds: 

$P_i([A_1]/A_1, \ldots, [A_n]/A_n) =$ 

$= P_i\big((\lim_{k \to \infty} P_1^{(k)})/A_1, \ldots, (\lim_{k \to \infty} P_n^{(k)})/A_n\big) =$ 

$= \lim_{k \to \infty} P_i\big(P_1^{(k)}/A_1, \ldots, P_n^{(k)}/A_n\big) =$ 

$= \lim_{k \to \infty} \big(P_i^{(k+1)}\big) = [A_i]$ 

i.e. the list of processes 

$[A_1], \ldots, [A_n]$ 

is a solution of the system of equations, which corresponds to the RD 

$A_1 = P_1, \quad \ldots, \quad A_n = P_n$ 

(variables of this system of equations are the process names $A_1, \ldots, A_n$). 

5.6 Equivalence of RDs 

Suppose that there is given a couple of RDs of the form 

$\begin{cases} A_1^{(1)} = P_1^{(1)} \\ \ldots \\ A_n^{(1)} = P_n^{(1)} \end{cases}$ and $\begin{cases} A_1^{(2)} = P_1^{(2)} \\ \ldots \\ A_n^{(2)} = P_n^{(2)} \end{cases}$ (5.7) 

For each $n$-tuple of processes $Q_1, \ldots, Q_n$ the string 

$P_i^{(j)}(Q_1, \ldots, Q_n)$ 

denotes the following expression on processes (and its value): 

$P_i^{(j)}(Q_1/A_1^{(j)}, \ldots, Q_n/A_n^{(j)})$ $(i = 1, \ldots, n;\ j = 1, 2)$ 

Let $\mu$ be an equivalence on the set of all processes. 

RDs (5.7) are said to be equivalent with respect to $\mu$, if for 

• each $n$-tuple of processes $Q_1, \ldots, Q_n$, and 

• each $i = 1, \ldots, n$ 

the following statement holds: 

$\big(P_i^{(1)}(Q_1, \ldots, Q_n),\; P_i^{(2)}(Q_1, \ldots, Q_n)\big) \in \mu$ 

Theorem 31. 

Let $\mu$ be a congruence on the set of all processes. 

For every couple of RDs of the form (5.7), which are equivalent with respect to $\mu$, the processes defined by these RDs, i.e. 

$\{[A_i^{(1)}] \mid i = 1, \ldots, n\}$ and $\{[A_i^{(2)}] \mid i = 1, \ldots, n\}$ 

are also equivalent with respect to $\mu$, i.e. 

$\forall i = 1, \ldots, n \quad \big([A_i^{(1)}], [A_i^{(2)}]\big) \in \mu$ ■ 

5.7 Transitions on PE 

There is another way of defining a correspondence between PEs and processes. This method is related to the concept of transitions on the set PE. Every such transition is a triple of the form $(P, a, P')$, where $P, P' \in PE$, and $a \in Act$. We shall represent a transition $(P, a, P')$ by the diagram 

$P \xrightarrow{a} P'$ (5.8) 

We shall define the set of transitions on PE inductively, i.e. 

• some transitions will be described explicitly, and 

• other transitions will be described in terms of inference rules. 

In this section we assume that each process is a value of some process constant. 

Explicit transitions are defined as follows. 

1. if $P$ is a process constant, then 

$P \xrightarrow{a} P'$ 

where $P'$ is a process constant, such that 

• values of $P$ and $P'$ have the form 

$(S, s^0, R)$ and $(S, s^1, R)$ 

respectively, and 

• $R$ contains the transition $s^0 \xrightarrow{a} s^1$ 

2. $a.P \xrightarrow{a} P$, for any $a.P \in PE$ 

Inference rules for constructing new transitions on PE from existing ones are defined as follows. 

1. if $P \xrightarrow{a} P'$, then 

• $P + Q \xrightarrow{a} P'$, and 

• $Q + P \xrightarrow{a} P'$ 

• $P \mid Q \xrightarrow{a} P' \mid Q$, and 

• $Q \mid P \xrightarrow{a} Q \mid P'$ 

• if $L \subseteq Names$, $a \ne \tau$, and $name(a) \notin L$, then 

$P \setminus L \xrightarrow{a} P' \setminus L$ 

• for each renaming $f$ 

2. if $a \ne \tau$, then from 

$P_1 \xrightarrow{a} P'_1$ and $P_2 \xrightarrow{\bar{a}} P'_2$ 

it follows that 

$P_1 \mid P_2 \xrightarrow{\tau} P'_1 \mid P'_2$ 

3. For each RD (5.1) and each $i \in \{1, \ldots, n\}$ 

if $P_i \xrightarrow{a} P'$ 
then $A_i \xrightarrow{a} P'$ (5.9) 

For each PE $P \in PE$ a process $[P]$, which corresponds to this PE, has the form 

$(PE, P, \mathcal{R})$ 

where $\mathcal{R}$ is a set of all transitions on PE. 

Theorem 32. 

For each RD (5.1) and each $i = 1, \ldots, n$ the following statement holds 

$[A_i] \sim P_i([A_1]/A_1, \ldots, [A_n]/A_n)$ 

(i.e. the list of processes $[A_1], \ldots, [A_n]$ is a solution (with respect to $\sim$) of the system of equations which corresponds to RD (5.1)). ■ 

5.8 A method of a proof of equivalence of processes with use of RDs 

One of possible methods for proof of an equivalence ($\sim$ or $\stackrel{+}{\approx}$) between two processes consists of a construction of an appropriate RD such that both of these processes are components with the same numbers of some solutions of a system of equations related to this RD. 

The corresponding equivalences are substantiated by theorem 33. 

To formulate this theorem, we introduce the following auxiliary notion. 

Let $\mu$ be a binary relation on the set of all processes, and let there be given an RD of the form (5.1). 

A list of processes, defined by the RD, is said to be unique up to $\mu$, if for each pair of lists of processes 

$(Q_1^{(1)}, \ldots, Q_n^{(1)})$ and $(Q_1^{(2)}, \ldots, Q_n^{(2)})$ 

which satisfies the condition 

$\forall i = 1, \ldots, n$ 
$\big(Q_i^{(1)},\; P_i(Q_1^{(1)}/A_1, \ldots, Q_n^{(1)}/A_n)\big) \in \mu$ 
$\big(Q_i^{(2)},\; P_i(Q_1^{(2)}/A_1, \ldots, Q_n^{(2)}/A_n)\big) \in \mu$ 

the following statement holds: 

$\forall i = 1, \ldots, n \quad \big(Q_i^{(1)}, Q_i^{(2)}\big) \in \mu$ 

Theorem 33. 

Let there be given a RD of the form (5.1). 

1. If each occurrence of each process name $A_i$ in each PE $P_j$ is contained in a subexpression of the form $a.Q$, then a list of processes, which is defined by this RD, is unique up to $\sim$. 

2. If 

• each occurrence of each process name $A_i$ in each PE $P_j$ is contained in a subexpression of the form $a.Q$, where $a \ne \tau$, and 

• each occurrence of each process name $A_i$ in each PE $P_j$ is contained only in subexpressions of the forms $a.Q$ and $Q_1 + Q_2$ 

then a list of processes, defined by this RD, is unique up to $\stackrel{+}{\approx}$. ■ 

5.9 Problems related to RDs 

1. Recognition of existence of finite processes that are equivalent (with respect to $\sim$, $\approx$, $\stackrel{+}{\approx}$) to processes of the form $[A]$. 

2. Construction of algorithms for finding minimal processes which are equivalent to processes of the form $[A]$ in the case when these processes are finite. 

3. Recognition of equivalence of processes of the form $[A]$ 

(these processes can be infinite, and methods from chapter 4 are not appropriate for them). 

4. Recognition of equivalence of RDs. 

5. Finding necessary and sufficient conditions of uniqueness of a list of processes which is defined by a RD (up to $\sim$, $\stackrel{+}{\approx}$). 

Chapter 6 

Examples of a proof of properties of processes 

6.1 Flow graphs 

In this section we describe a notion of a flow graph, which is intended to 
enhance a visibility and to facilitate an understanding of a relationship be- 
tween components of complex processes. Each example of a complex process, 
which is considered in this book, will be accompanied by a flow graph, which 
corresponds to this process. 

Let $P_1, \ldots, P_n$ be a list of processes. 

A structural composition of the processes $P_1, \ldots, P_n$ is an expression SC over processes, such that 

• SC contains only processes from the list $P_1, \ldots, P_n$, and 

• each symbol of an operation, which occurs in SC, is a symbol of one of the following operations: 

— parallel composition, 

— restriction, 

— renaming. 

Each structural composition SC can be associated with a diagram, which 
is called a flow graph (FG) of SC. 

A FG of a structural composition SC is defined by induction on a struc- 
ture of SC as follows. 

1. If SC consists of only a process $P_i$, then the FG of SC is an oval, inside of which an identifier of this process is written. 

On the border of this oval there are drawn circles, which are called ports. Each port corresponds to some input or output action $a \in Act(P_i)$, and 

• an identifier of this action is written near the port, as a label of the port, 

• if $a$ is an input action, then the port is white, 

• if $a$ is an output action, then the port is black. 

For every $a \in Act(P_i) \setminus \{\tau\}$ there is a unique port on the oval, such that its label is $a$. 

2. If $SC = SC_1 \mid SC_2$, then a FG of SC is obtained by a disjoint union of FGs of $SC_1$ and $SC_2$, with drawing of labelled arrows on the disjoint union: for 

• every black port $p_1$ on one of these FGs, and 

• every white port $p_2$ on another of these FGs, such that labels of these ports are complementary actions 

there is drawn an arrow from $p_1$ to $p_2$ with a label $name(a)$, where $a$ is a label of $p_1$. 

3. If $SC = SC_1 \setminus L$, then a FG of SC is obtained from a FG of $SC_1$ by a removal of labels of ports, whose names belong to $L$. 

4. If $SC = SC_1[f]$, then a FG of SC is obtained from a FG of $SC_1$ by a corresponding renaming of labels of ports. 

If $P$ is a process which is equal to a value of a structural composition SC, then the notation FG($P$) denotes a FG of SC. 

6.2 Jobshop 

Consider a model of a jobshop, which employs two workers, who use for 
working one mallet. 

A behavior of each worker in the jobshop is described by the following process Jobber 

[Figure: graph representation of the process Jobber; surviving transition labels: out!, get_and_work!] 

where 

• the actions in? and out! are used for interaction of a worker with a client, and denote 

— receiving of a material, and 

— issuance of a finished product 

respectively, 

• actions get_and_work! and put! are used for interaction of a worker with a mallet and denote 

— taking a mallet and working with it, and 

— returning the mallet 

respectively. 

The action get_and_work! consists of several elementary actions. We do not detail them and combine them in one action. 

According to the definition of the process Jobber, a worker works as follows: 

• at first he accepts a material 

• then he takes the mallet and works 

• then he puts the mallet 

• then he gives the finished product 

• and all these actions are repeated. 

A behavior of the mallet we present using the following process Mallet: 

[Figure: graph representation of the process Mallet; states Mallet and Busy, transition labels get_and_work? and put?] 

(note that the object "mallet" and the process "Mallet" are different concepts). 

A behavior of the jobshop is described by the process Jobshop: 

Jobshop = (Jobber | Jobber | Mallet) \ L 

where L = {get_and_work, put}. 

A flow graph of the process Jobshop has the following form. 

[Figure: flow graph of the process Jobshop; ovals Jobber, Mallet and Jobber, with ports and arrows labelled in, out, get_and_work and put] 


We now introduce the notion of an abstract worker, about whom we 
know that he cyclically 

• accepts a material and 

• gives finished products 
but nothing is known about details of his work. 

A behavior of the abstract worker we describe by the following process Abs_Jobber: 

[Figure: graph representation of the process Abs_Jobber; states Abs_Jobber and Doing, transition labels in? and out!] 

A behavior of an abstract jobshop we describe by the following process Abs_Jobshop: 

Abs_Jobshop = Abs_Jobber | Abs_Jobber 

The process Abs_Jobshop is used as a specification of the jobshop. This process describes a behavior of the jobshop without details of its implementation. 

Prove that the process Jobshop meets its specification, i.e. 

$Jobshop \stackrel{+}{\approx} Abs\_Jobshop$ (6.1) 

The process Abs_Jobshop is a parallel composition of two processes Abs_Jobber. In order to avoid conflicts with the notations, we choose different identifiers to refer to the states of these processes. 

Suppose, for example, that these processes have the form 



where $i = 1, 2$. 

Parallel composition of these processes has the form 

[Figure: graph representation of the parallel composition; states $(A_1, A_2)$, $(D_1, A_2)$, $(A_1, D_2)$, $(D_1, D_2)$, transition labels in? and out!] 

Applying to this process the procedure of minimization with respect to observational equivalence, we get the process 

[Figure: graph representation of the minimized process; transition labels in? and out!] (6.2) 

The process Jobshop has 4 · 4 · 2 = 32 states, and we do not present it here because of its bulkiness. After a minimization of this process with respect to observational equivalence, we get a process, which is isomorphic to process (6.2). This means that the following statement holds: 

$Jobshop \approx Abs\_Jobshop$ (6.3) 



Because there are no transitions with the label $\tau$ starting from the initial states of the processes Jobshop and Abs_Jobshop, on the reason of (6.3) we conclude that (6.1) holds. 



6.3 Dispatcher 

Suppose that 

• there is some company which consists of several groups: $G_1, \ldots, G_n$, and 

• there is a special room in the building, where the company does work, such that any group $G_i$ ($i \in \{1, \ldots, n\}$) can use this room to conduct their workshops. 

There is a problem of non-conflictual use of the room by the groups $G_1, \ldots, G_n$. This means that when one of the groups conducts a workshop in the room, other groups should be banned from holding their workshops in this room. 

This problem can be solved by use of a special process, which is called a 
dispatcher. 

If any group Gi wants to hold a workshop in this room, then Gi should 
send the dispatcher a request to provide a right to use the room for the 
workshop. 

If the dispatcher knows that at this time the room is busy, then he does not allow $G_i$ to use this room. 

When the room becomes free, the dispatcher sends $G_i$ a notice that he allows the group $G_i$ to use this room. 

After completion the workshop, the group Gi must send the dispatcher a 
notice that the room is free. 

Consider a description of this system in terms of the theory of processes. 

A behavior of the dispatcher is described by the process $D$, a graph representation of which consists of the following subgraphs: for each $i = 1, \ldots, n$ it contains the subgraph 

[Figure: subgraph of the graph representation of D for the index i; surviving label: req_i] 

i.e. 

$D \sim \sum_{i=1}^{n} req_i?.\ acq_i!.\ rel_i?.\ D$ 

Actions from $Act(D)$ have the following meanings: 

• $req_i?$ is a receiving of a request from the group $G_i$ 

• $acq_i!$ is a sending to $G_i$ of a notice that $G_i$ may use the room 

• $rel_i?$ is a receiving of a message that $G_i$ released the room. 

In the following description of a behavior of each group $G_i$ 

• we shall describe only an interaction of $G_i$ 

— with the dispatcher, and 

— with the room 

and 

• will not deal with other functions of $G_i$. 

We shall denote 

• a beginning of a workshop in the room by the action start!, and 

• a completion of the meeting by the action finish!. 

A behavior of the group $G_i$ we describe by a process $G_i$, which has the following graph representation: 



i.e. $G_i \sim req_i!.\ acq_i?.\ start!.\ finish!.\ rel_i!.\ G_i$ 

A joint behavior of the dispatcher and the groups can be described as the following process Sys: 

$Sys = (D \mid G_1 \mid \ldots \mid G_n) \setminus L$ 

where $L = \{req_i, acq_i, rel_i \mid i = 1, \ldots, n\}$. 

A flow graph of the process Sys for n = 2 has the following form 

[Figure: flow graph of the process Sys for n = 2; the oval D and the ovals of the groups, with port and arrow labels req_1, acq_1, rel_1, req_2, acq_2, rel_2, start and finish] 


We now show that the processes which represent a behavior of the dis- 
patcher and the groups indeed provide a conflict-free regime of use of the 
room. 

The conflict-free property is that 

• after a start of a workshop in the room by any group (i.e. after an execution of the action start! by this group), and 

• before a completion of this workshop 

there is no other group which may also hold a workshop in this room (i.e. which can also execute the action start!) until the first group has completed its workshop (i.e. until it has executed the action finish!). 

Define a process Spec as follows: 

[Figure: graph representation of the process Spec; transition labels start! and finish!] 

i.e. $Spec \sim start!.\ finish!.\ Spec$. 

The conflict-free property of the regime of use of the room is equivalent to the following statement: 

$Sys \approx Spec$ (6.4) 

To prove this statement, we transform the process Sys, applying several times the expansion theorem: 

$$
\begin{aligned}
Sys &\sim \sum_{i=1}^{n} \tau.\ \big( acq_i!.\ rel_i?.\ D \mid G_1 \mid \ldots \mid acq_i?.\ start!.\ finish!.\ rel_i!.\ G_i \mid \ldots \mid G_n \big) \setminus L \\
&\sim \sum_{i=1}^{n} \tau.\tau.\ \big( rel_i?.\ D \mid G_1 \mid \ldots \mid start!.\ finish!.\ rel_i!.\ G_i \mid \ldots \mid G_n \big) \setminus L \\
&\sim \sum_{i=1}^{n} \tau.\tau.\ start!.\ \big( rel_i?.\ D \mid G_1 \mid \ldots \mid finish!.\ rel_i!.\ G_i \mid \ldots \mid G_n \big) \setminus L \\
&\sim \sum_{i=1}^{n} \tau.\tau.\ start!.\ finish!.\ \big( rel_i?.\ D \mid G_1 \mid \ldots \mid rel_i!.\ G_i \mid \ldots \mid G_n \big) \setminus L \\
&\sim \sum_{i=1}^{n} \tau.\tau.\ start!.\ finish!.\ \tau.\ \big( D \mid G_1 \mid \ldots \mid G_i \mid \ldots \mid G_n \big) \setminus L \\
&= \sum_{i=1}^{n} \tau.\tau.\ start!.\ finish!.\ \tau.\ Sys
\end{aligned}
$$

Using the rules 

$P + P \sim P$ and $a.\tau.P \stackrel{+}{\approx} a.P$ 

we get the statement 

$Sys \stackrel{+}{\approx} \tau.\ start!.\ finish!.\ Sys$ 

We now consider the equation 

$X = \tau.\ start!.\ finish!.\ X$ (6.5) 

According to theorem 33 from section 5.8 there is a unique (up to $\stackrel{+}{\approx}$) solution of equation (6.5). 

As shown above, the process Sys is a solution of (6.5) up to $\stackrel{+}{\approx}$. 

The process $\tau.Spec$ is also a solution of (6.5) up to $\stackrel{+}{\approx}$, because 

$\tau.Spec \sim \tau.\ start!.\ finish!.\ Spec \stackrel{+}{\approx} \tau.\ start!.\ finish!.\ (\tau.Spec)$ 

Consequently, the following statement holds: 

$Sys \stackrel{+}{\approx} \tau.Spec$ 

This statement implies (6.4). 
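
The transition rules of section 5.7 and the statement (6.4) of section 6.3 can also be checked mechanically for a fixed n; the following is an added example, not code from the book. The tuple encoding of PEs and all function names are assumptions of this sketch, renaming is left out, τ moves are allowed to pass through restriction (as the derivation above requires), and the faulty dispatcher is a constructed variant used to show the check failing.

```python
TAU = "tau"  # the internal action

# PEs as nested tuples; the renaming operation P[f] is left out of this sketch.
def pre(a, p): return ("pre", a, p)                      # a.P
def name(x): return ("name", x)                          # process name A_i
def res(p, names): return ("res", p, frozenset(names))   # P \ L

def fold(op, ps):
    """Left-nested P_1 op P_2 op ... op P_n for op in {'sum', 'par'}."""
    term = ps[0]
    for p in ps[1:]:
        term = (op, term, p)
    return term

def co(a):
    """Complementary action: x? <-> x!."""
    return a[:-1] + ("!" if a.endswith("?") else "?")

def steps(p, rd):
    """Set of (action, successor) pairs derivable for the PE p under the RD rd."""
    kind = p[0]
    if kind == "nil":
        return set()
    if kind == "pre":                        # a.P --a--> P
        return {(p[1], p[2])}
    if kind == "sum":                        # a move of either summand
        return steps(p[1], rd) | steps(p[2], rd)
    if kind == "name":                       # A_i moves as its body P_i moves
        return steps(rd[p[1]], rd)
    if kind == "res":                        # tau, or a name outside L, passes
        return {(a, ("res", q, p[2])) for a, q in steps(p[1], rd)
                if a == TAU or a[:-1] not in p[2]}
    left, right = steps(p[1], rd), steps(p[2], rd)       # kind == "par"
    out = {(a, ("par", q, p[2])) for a, q in left}
    out |= {(a, ("par", p[1], q)) for a, q in right}
    out |= {(TAU, ("par", q1, q2)) for a, q1 in left for b, q2 in right
            if a != TAU and b == co(a)}      # synchronisation gives tau
    return out

def reachable(roots, rd):
    """Transition table {state: steps(state)} of all PEs reachable from roots."""
    table, todo = {}, list(roots)
    while todo:
        p = todo.pop()
        if p not in table:
            table[p] = steps(p, rd)
            todo.extend(q for _, q in table[p])
    return table

def weakly_bisimilar(p, q, rd):
    """Observational equivalence of two finite-state PEs by partition refinement."""
    table = reachable([p, q], rd)
    eps = {}                                 # eps[s]: states reached by tau*
    for s in table:
        seen, todo = {s}, [s]
        while todo:
            u = todo.pop()
            for a, v in table[u]:
                if a == TAU and v not in seen:
                    seen.add(v)
                    todo.append(v)
        eps[s] = seen
    weak = {s: {(TAU, t) for t in eps[s]} |
               {(a, t) for u in eps[s] for a, v in table[u] if a != TAU
                for t in eps[v]}
            for s in table}                  # tau* and tau* a tau* moves
    block = dict.fromkeys(table, 0)
    while True:                              # split blocks until stable
        ids = {}
        new = {s: ids.setdefault(
                   (block[s], frozenset((a, block[t]) for a, t in weak[s])),
                   len(ids))
               for s in table}
        if len(ids) == len(set(block.values())):
            return new[p] == new[q]
        block = new

def dispatcher_system(n, faulty=False):
    """Sys = (D | G_1 | ... | G_n) \\ L of section 6.3 together with its RD."""
    rd, hidden, branches = {}, [], []
    for i in range(1, n + 1):
        req, acq, rel = f"req{i}", f"acq{i}", f"rel{i}"
        hidden += [req, acq, rel]
        if faulty:   # constructed bug: D grants again without waiting for rel_i
            branches += [pre(req + "?", pre(acq + "!", name("D"))),
                         pre(rel + "?", name("D"))]
        else:        # req_i?. acq_i!. rel_i?. D
            branches.append(pre(req + "?", pre(acq + "!", pre(rel + "?", name("D")))))
        rd[f"G{i}"] = pre(req + "!", pre(acq + "?", pre("start!",
                          pre("finish!", pre(rel + "!", name(f"G{i}"))))))
    rd["D"] = fold("sum", branches)
    rd["Spec"] = pre("start!", pre("finish!", name("Spec")))
    groups = [name(f"G{i}") for i in range(1, n + 1)]
    return res(fold("par", [name("D")] + groups), hidden), rd

if __name__ == "__main__":
    for n in (1, 2, 3):
        sys_n, rd = dispatcher_system(n)
        print(n, len(reachable([sys_n], rd)), weakly_bisimilar(sys_n, name("Spec"), rd))
    bad, rd = dispatcher_system(2, faulty=True)
    print("faulty:", weakly_bisimilar(bad, name("Spec"), rd))
```

The check works on the saturated transition system (τ* a τ* moves), on which strong and observational equivalence coincide; it only terminates for RDs whose reachable state space is finite.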

6.4 Scheduler 

Suppose that there are $n$ processes 

$P_1, \ldots, P_n$ (6.6) 

and for each $i = 1, \ldots, n$ the set $Act(P_i)$ contains two special actions: 

• the action $\alpha_i?$, which can be interpreted as a signal 

$P_i$ starts its regular session 

• the action $\beta_i?$, which can be interpreted as a signal 

$P_i$ completes its regular session 

We assume that 

• all the names 

are different, and 

• $\forall i = 1, \ldots, n$ each name from 

names(Act($P_i$)) \ {$\alpha_i$, 
does not belong to the set (6.9). 

Let $L$ be the set (6.9). 

For each $i = 1, \ldots, n$ the actions from the set 

Act($P_i$) \ 

are said to be proper actions of the process $P_i$. 

An arbitrary trace of each process $P_i$ may contain any quantity of the actions $\alpha_i?$ and $\beta_i?$ in any order. 

We would like to create a new process $P$, in which all the processes $P_1, \ldots, P_n$ would work together, and this joint work should obey a certain regime. 

The process $P$ must have the form 

$P = (P_1 \mid \ldots \mid P_n \mid Sch) \setminus L$ 

where the process $Sch$ 

• is called a scheduler, and 

• is designed for establishing a required regime of execution of the processes $P_1, \ldots, P_n$. 

Non-internal actions, which may be executed by the process $Sch$, must belong to the set 

$\{\alpha_1!, \ldots, \alpha_n!, \beta_1!, \ldots, \beta_n!\}$ (6.10) 

By the definition of the process $P$, for each $i = 1, \ldots, n$ 

• the actions $\alpha_i?$ and $\beta_i?$ can be executed by the process $P_i \in$ (6.6) within the process $P$ only simultaneously with an execution of complementary actions by the process $Sch$, and 

• an execution of these actions will be invisible outside the process $P$. 

Informally speaking, each process $P_i$, which is executed within the process $P$, may start or complete its regular session if and only if the scheduler $Sch$ allows it to do so. 

A regime, which must be respected by the processes $P_1, \ldots, P_n$ during their execution within the process $P$, consists of the following two conditions. 

1. For each $i = 1, \ldots, n$ an arbitrary trace of the process $P_i$, which is executed within the process $P$, should have the form 

$\alpha_i? \ldots \beta_i? \ldots \alpha_i? \ldots \beta_i? \ldots$ 

(where the dots represent proper actions of the process $P_i$), i.e. an execution of the process $P_i$ should be a sequence of sessions of the form 

$\alpha_i? \ldots \beta_i? \ldots$ 

where each session 

• starts with an execution of the action $\alpha_i?$ 

• then several proper actions of $P_i$ are executed, 

• after a completion of the session the action $\beta_i?$ is executed, and 

• then $P_i$ can execute some proper actions 

(for example, these actions can be related to a preparation for the next session). 

2. The processes $P_1, \ldots, P_n$ are obliged to start their new sessions in rotation, i.e. 

• at first, only $P_1$ may start its first session 

• then, $P_2$ may start its first session 

• . . . 

• then, $P_n$ may start its first session 

• then, $P_1$ may start its second session 

• then, $P_2$ may start its second session 

• etc. 

Note that we do not require that each process $P_i$ may receive a permission to start its $k$-th session only after the previous process $P_{i-1}$ completes its $k$-th session. However, we require that each process $P_i$ may receive a permission to start a new session, only if $P_i$ executed the action $\beta_i?$ (which signalizes a completion of a previous session of $P_i$). 

Proper actions of the processes $P_1, \ldots, P_n$ can be executed in arbitrary order, and an interaction of these processes during their execution within the process $P$ is allowed. 

The described regime can be formally expressed as the following two conditions on an arbitrary trace 

$tr \in Tr(Sch)$ 

In these conditions we shall use the following notation: if 

$tr \in Tr(Sch)$ and $M \subseteq Act$ 

then $tr|_M$ denotes a sequence of actions, which is derived from $tr$ by a removal of all actions which do not belong to $M$. 

Conditions which describe the above regime have the following form: 

$\forall tr \in Tr(Sch),\ \forall i = 1, \ldots, n$ 
$tr|_{\{\alpha_i!, \beta_i!\}} = (\alpha_i!\ \beta_i!\ \alpha_i!\ \beta_i!\ \alpha_i!\ \ldots)$ (6.11) 

and 

$tr|_{\{\alpha_1!, \ldots, \alpha_n!\}} = (\alpha_1!\ \ldots\ \alpha_n!\ \alpha_1!\ \ldots\ \alpha_n!\ \ldots)$ (6.12) 

These conditions can be expressed as observational equivalence of certain 
processes. 

To define these processes, we introduce auxiliary notations. 

1. Let $a_1 \ldots a_n$ be a sequence of actions from $Act$. Then the string 

$(a_1 \ldots a_n)^*$ 

denotes a process which has the following graph representation 



2. Let $P$ be a process, and 

$\{a_1, \ldots, a_k\} \subseteq Act \setminus \{\tau\}$ (6.13) 

be a set of actions. 

The string 

$hide(P, a_1, \ldots, a_k)$ (6.14) 

denotes the process 

$(P \mid (\overline{a_1})^* \mid \ldots \mid (\overline{a_k})^*) \setminus names(\{a_1, \ldots, a_k\})$ 

Process (6.14) can be considered as a process, which is obtained from $P$ by a replacement by $\tau$ of all labels of transitions of $P$, which belong to the set (6.13). 

Using these notations, 

• condition (6.11) can be expressed as follows: for each $i = 1, \ldots, n$ 

$hide(Sch,\ \alpha_1!, \ldots, \alpha_{i-1}!, \alpha_{i+1}!, \ldots, \alpha_n!,\ \beta_1!, \ldots, \beta_{i-1}!, \beta_{i+1}!, \ldots, \beta_n!) \approx (\alpha_i!.\ \beta_i!)^*$ (6.15) 

and 

• condition (6.12) can be expressed as follows: 

$hide(Sch, \beta_1!, \ldots, \beta_n!) \approx (\alpha_1!.\ \ldots\ \alpha_n!)^*$ (6.16) 

It is easy to see that there are several schedulers that satisfy these conditions. For example, the following schedulers satisfy these conditions: 

• $Sch = (\alpha_1!\ \beta_1!\ \ldots\ \alpha_n!\ \beta_n!)^*$ 

• $Sch = (\alpha_1!\ \ldots\ \alpha_n!\ \beta_1!\ \ldots\ \beta_n!)^*$ 

However, these schedulers impose too strong restrictions on an execution of the processes $P_1, \ldots, P_n$. 

We would like to construct such a scheduler that allows a maximal freedom of a joint execution of the processes $P_1, \ldots, P_n$ within the process $P$. 

This means that if at any time 

• the process $P_i$ has an intention to execute an action $a \in \{\alpha_i?, \beta_i?\}$, and 

• this intention of the process $P_i$ does not contradict the regime which is described above 

then the scheduler should not prohibit $P_i$ from executing this action at the current time, i.e. the action $\bar{a}$ must be among the actions which the scheduler can execute at the current time. 

The above informal description of a maximal freedom of an execution of a scheduler can be formally clarified as follows: 

• each state $s$ of the scheduler is associated with a pair $(i, X)$, where 

— $i \in \{1, \ldots, n\}$, $i$ is a number of a process, which has the right to start its regular session at the current time 

— $X \subseteq \{1, \ldots, n\} \setminus \{i\}$, $X$ is a set of active processes at the current time 

(a process is said to be active, if it has started its regular session, but has not completed it yet) 

• an initial state of the scheduler is associated with the pair $(1, \emptyset)$ 

• a set of transitions of the scheduler consists of 

— transitions of the form 



where 

* $s$ is associated with $(i, X)$ 

* $s'$ is associated with $(next(i), X \cup \{i\})$, where 

$next(i) \stackrel{\text{def}}{=} \begin{cases} i + 1, & \text{if } i < n, \text{ and} \\ 1, & \text{if } i = n \end{cases}$ 

— and transitions of the form 



where 

* $s$ is associated with $(i, X)$, 

* $s'$ is associated with $(i, X \setminus \{j\})$, where $j \in X$ 

The above description of properties of a required scheduler can be considered as its definition, i.e. we can define a required scheduler as a process $Sch_0$ with the following components: 

• a set of its states is the set of pairs of the form 

$\{(i, X) \in \{1, \ldots, n\} \times \mathcal{P}(\{1, \ldots, n\}) \mid i \notin X\}$ 

• an initial state and transitions of $Sch_0$ are defined as it was described above. 

The definition of the scheduler $Sch_0$ has a significant deficiency: the size of the set of states of $Sch_0$ depends exponentially on the number of processes (6.6), which does not allow one to modify such a scheduler quickly when the set of processes (6.6) is changed. 

We can use $Sch_0$ only as a reference, with which we will compare other schedulers. 

To solve the original problem we define another scheduler Sch. We will 
describe it 

• not by explicit description of its states and transitions, but 

• by setting of a certain expression, which describes Sch in terms of a 
composition of several simple processes. 

In the description of the scheduler Sch we shall use new names 71, . . . , 
7 n . Denote the set of these names by the symbol T. 
Process Sch is defined as follows: 

Sch = {Start I d I . . . I C n ) \ V (6.17) 

where 

• Start == 71!. 

• for each i — 1, . . . , n the process Ci is called a cycler and has the form 
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A flow graph of Sch in the case n = 4 has the following form: 




We give an informal explanation of an execution of the process Sch.
The cycler $C_i$ is said to be

• disabled if it is in its initial state, and

• enabled if it is not in its initial state.

The process Start enables the first cycler $C_1$ and then "dies".
Each cycler $C_i$ is responsible for an execution of the process $P_i$. The
cycler $C_i$

• enables the next cycler $C_{next(i)}$ after it has given the process
$P_i$ permission to start a regular session, and

• becomes disabled after it has given the process $P_i$ permission to
complete a regular session.
We prove that process (6.17) satisfies condition (6.16) (we omit checking of
condition (6.15)).

According to the definition of process (6.14), condition (6.16) has the
form

$$(Sch \mid (\beta_1?)^* \mid \dots \mid (\beta_n?)^*) \setminus B \approx (\tau.\alpha_1!.\ \dots\ \alpha_n!)^* \qquad (6.18)$$

where $B = \{\beta_1, \dots, \beta_n\}$.

Let Sch' be the left side of (6.18).
We prove that

$$Sch' \stackrel{+}{\approx} \tau.\alpha_1!.\ \dots\ \alpha_n!.\ Sch' \qquad (6.19)$$

Hence by the uniqueness property (with respect to $\stackrel{+}{\approx}$) of a solution of the
equation

$$X = \tau.\alpha_1!.\ \dots\ \alpha_n!.\ X$$

we get the statement

$$Sch' \stackrel{+}{\approx} (\tau.\alpha_1!.\ \dots\ \alpha_n!)^*$$

which implies (6.18).

We will transform the left side of the statement (6.19) so as to obtain the
right side of this statement. To do this, we will use properties 8, 11 and 12 of
operations on processes, which are contained in section 3.7. We recall these
properties:

• $P \setminus L = P$, if $L \cap names(Act(P)) = \emptyset$

• $(P_1 \mid P_2) \setminus L = (P_1 \setminus L) \mid (P_2 \setminus L)$, if

$L \cap names(Act(P_1) \cap Act(P_2)) = \emptyset$

• $(P \setminus L_1) \setminus L_2 = P \setminus (L_1 \cup L_2) = (P \setminus L_2) \setminus L_1$

Using these properties, it is possible to transform the left side of (6.19) as
follows.

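$$\begin{array}{rcl}
Sch' & = & (Sch \mid (\beta_1?)^* \mid \dots \mid (\beta_n?)^*) \setminus B = \\
& = & \big(((Start \mid C_1 \mid \dots \mid C_n) \setminus \Gamma) \mid (\beta_1?)^* \mid \dots \mid (\beta_n?)^*\big) \setminus B = \\
& = & (Start \mid C'_1 \mid \dots \mid C'_n) \setminus \Gamma
\end{array} \qquad (6.20)$$

where

$$C'_i = (C_i \mid (\beta_i?)^*) \setminus \{\beta_i\}$$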
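Note that for each i = 1, . . . , n the following statement holds:

$$C'_i \stackrel{+}{\approx} \gamma_i?.\alpha_i!.\gamma_{next(i)}!.\ C'_i \qquad (6.21)$$

Indeed, by the expansion theorem,

$$\begin{array}{rcl}
C'_i & = & ((\gamma_i?.\alpha_i!.\gamma_{next(i)}!.\beta_i!.\ C_i) \mid (\beta_i?)^*) \setminus \{\beta_i\} \sim \\
& \sim & \gamma_i?.\alpha_i!.\gamma_{next(i)}!.\tau.\ C'_i \stackrel{+}{\approx} \text{right side of (6.21)}
\end{array}$$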

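Using this remark and the expansion theorem, we can continue the chain
of equalities (6.20) as follows:

$$\begin{array}{l}
(Start \mid C'_1 \mid C'_2 \mid \dots \mid C'_n) \setminus \Gamma \\
\stackrel{+}{\approx} (\underbrace{\gamma_1!.\mathbf{0}}_{=Start} \mid \gamma_1?.\alpha_1!.\gamma_2!.\ C'_1 \mid C'_2 \mid \dots \mid C'_n) \setminus \Gamma \\
\sim \tau.\ (\mathbf{0} \mid \alpha_1!.\gamma_2!.\ C'_1 \mid C'_2 \mid \dots \mid C'_n) \setminus \Gamma \\
= \tau.\ (\alpha_1!.\gamma_2!.\ C'_1 \mid C'_2 \mid \dots \mid C'_n) \setminus \Gamma \\
\sim \tau.\alpha_1!.\ (\gamma_2!.\ C'_1 \mid C'_2 \mid \dots \mid C'_n) \setminus \Gamma \\
\stackrel{+}{\approx} \tau.\alpha_1!.\ (\gamma_2!.\ C'_1 \mid \gamma_2?.\alpha_2!.\gamma_3!.\ C'_2 \mid \dots \mid C'_n) \setminus \Gamma \\
\sim \tau.\alpha_1!.\tau.\ (C'_1 \mid \alpha_2!.\gamma_3!.\ C'_2 \mid \dots \mid C'_n) \setminus \Gamma \sim \dots \\
\sim \tau.\alpha_1!.\tau.\alpha_2!.\ \dots\ \tau.\alpha_n!.\ (C'_1 \mid \dots \mid \gamma_1!.\ C'_n) \setminus \Gamma \\
\stackrel{+}{\approx} \tau.\alpha_1!.\ \dots\ \alpha_n!.\ (C'_1 \mid \dots \mid \gamma_1!.\ C'_n) \setminus \Gamma \\
\stackrel{+}{\approx} \tau.\alpha_1!.\ \dots\ \alpha_n!.\ (\gamma_1?.\alpha_1!.\gamma_2!.\ C'_1 \mid \dots \mid \gamma_1!.\ C'_n) \setminus \Gamma \\
\sim \tau.\alpha_1!.\ \dots\ \alpha_n!.\ \underline{\tau.\ (\alpha_1!.\gamma_2!.\ C'_1 \mid \dots \mid C'_n) \setminus \Gamma}
\end{array} \qquad (6.22)$$

The underlined expression on the last line of the chain coincides with the
expression on the fourth line of the chain, which is observationally congruent
to Sch'.

We have found that the last expression of the chain (6.22) is observationally
congruent to the left side and to the right side of (6.19).
Thus, the statement (6.19) is proven. ■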

The reader is offered the following problems as exercises.

1. To prove

• condition (6.15), and

• the statement $Sch \approx Sch_0$.

2. To define and verify a scheduler that manages a set $P_1, \dots, P_n$ of
processes with priorities, in which each process $P_i$ is associated
with a certain priority, represented by a number $p_i \in [0, 1]$, where

$$\sum_{i=1}^{n} p_i = 1$$

The scheduler must implement a regime of joint execution of the
processes $P_1, \dots, P_n$ with the following properties:

• for each i = 1, . . . , n the proportion of the number of sessions
completed by the process $P_i$, relative to the total number of
sessions completed by all the processes $P_1, \dots, P_n$, must
asymptotically approach $p_i$ as the time of execution of the
processes $P_1, \dots, P_n$ increases without bound

• this scheduler should provide a maximal freedom of execution
of the processes $P_1, \dots, P_n$.

6.5 Semaphore 

Let $P_1, \dots, P_n$ be a list of processes, and for each i = 1, . . . , n the process $P_i$
has the following form:

$$P_i = (\alpha_i?\ a_{i1}\ \dots\ a_{ik_i}\ \beta_i?)^*$$

where

• $\alpha_i?$ and $\beta_i?$ are special actions representing signals that

— $P_i$ started an execution of a regular session, and

— $P_i$ completed an execution of a regular session

respectively, and

• $a_{i1}, \dots, a_{ik_i}$ are proper actions of the process $P_i$.

We would like to create a process P in which all the processes $P_1$,
. . ., $P_n$ work together, and this joint work should obey the following
regime:

• if at some time of an execution of the process P some process $P_i$ starts
its regular session (by an execution of the action $\alpha_i?$),

• then this session must be uninterrupted, i.e. all subsequent actions of
the process P shall be actions of the process $P_i$, until $P_i$ completes this
session (by an execution of the action $\beta_i?$).

This requirement can be expressed in terms of traces: each trace of the
process P must have the form

$$\alpha_i?\ a_{i1}\ \dots\ a_{ik_i}\ \beta_i?\ \ \alpha_j?\ a_{j1}\ \dots\ a_{jk_j}\ \beta_j?\ \dots$$

i.e. each trace tr of the process P must be a concatenation of traces

$$tr_1 \cdot tr_2 \cdot tr_3 \cdot \dots$$

where each trace $tr_i$ in this concatenation represents a session of some process
from the list $P_1, \dots, P_n$.

The required process P is defined as follows:

$$P \stackrel{\mathrm{def}}{=} (P_1[f_1] \mid \dots \mid P_n[f_n] \mid Sem) \setminus \{\pi, \varphi\}$$

where

• Sem is a special process designed to establish the required regime of
an execution of the processes $P_1$, . . ., $P_n$; this process

— is called a semaphore, and

— has the form

$$Sem = (\pi!\ \varphi!)^*$$

• $f_i : \alpha_i \mapsto \pi,\ \beta_i \mapsto \varphi$

A specification of the process P is represented by the following statement:

$$P \stackrel{+}{\approx} \tau.a_{11}.\ \dots\ a_{1k_1}.\ P + \dots + \tau.a_{n1}.\ \dots\ a_{nk_n}.\ P \qquad (6.23)$$

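A proof that the process P meets this specification is performed by means
of the expansion theorem:

$$\begin{array}{l}
P = (P_1[f_1] \mid \dots \mid P_n[f_n] \mid Sem) \setminus \{\pi, \varphi\} \\
\sim \left( \pi?.a_{11}.\ \dots\ a_{1k_1}.\varphi?.P_1[f_1] \mid \dots \mid \pi?.a_{n1}.\ \dots\ a_{nk_n}.\varphi?.P_n[f_n] \mid \pi!.\varphi!.Sem \right) \setminus \{\pi, \varphi\} \\
\sim \tau.\left( a_{11}.\ \dots\ a_{1k_1}.\varphi?.P_1[f_1] \mid \dots \mid \pi?.a_{n1}.\ \dots\ a_{nk_n}.\varphi?.P_n[f_n] \mid \varphi!.Sem \right) \setminus \{\pi, \varphi\} + \dots + \\
\quad + \tau.\left( \pi?.a_{11}.\ \dots\ a_{1k_1}.\varphi?.P_1[f_1] \mid \dots \mid a_{n1}.\ \dots\ a_{nk_n}.\varphi?.P_n[f_n] \mid \varphi!.Sem \right) \setminus \{\pi, \varphi\} \\
\sim \tau.a_{11}.\ \dots\ a_{1k_1}.\tau.\ P + \dots + \tau.a_{n1}.\ \dots\ a_{nk_n}.\tau.\ P \\
\stackrel{+}{\approx} \tau.a_{11}.\ \dots\ a_{1k_1}.\ P + \dots + \tau.a_{n1}.\ \dots\ a_{nk_n}.\ P \quad \blacksquare
\end{array}$$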

Finally, pay attention to the following aspect. The prefix "$\tau.$" in each
summand of the right side of (6.23) means that a choice of a variant of an
execution of the process P at the initial time is determined

• not by an environment of the process P, but 

• by the process P itself. 

If this prefix was absent, then it would mean that a choice of a variant of an 
execution of the process P at the initial time is determined by an environment 
of the process P. 
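
The trace requirement of this section can be checked mechanically. The following Python sketch is an added example, not code from the book: it enumerates the visible traces of $(P_1[f_1] \mid \dots \mid P_n[f_n] \mid Sem) \setminus \{\pi, \varphi\}$ up to a bounded length and tests that each is a prefix of a concatenation of complete sessions. The action names in SESSIONS are constructed, and the comparison run without the semaphore (where the start and finish signals are simply treated as internal steps) is an assumption made for contrast.

```python
SESSIONS = (("a11", "a12"), ("a21", "a22", "a23"))  # constructed proper actions


def successors(state, sessions, use_sem):
    """Yield (label, next_state); the label None is the internal action tau."""
    pos, sem = state
    for i, sess in enumerate(sessions):
        p = pos[i]
        step = lambda q: pos[:i] + (q,) + pos[i + 1:]
        if p == 0:                      # P_i[f_i] offers pi?
            if not use_sem:
                yield None, (step(1), sem)
            elif sem == 0:              # Sem offers pi!, the pair yields tau
                yield None, (step(1), 1)
        elif p <= len(sess):            # proper action a_ip
            yield sess[p - 1], (step(p + 1), sem)
        elif not use_sem:               # P_i[f_i] offers phi?
            yield None, (step(0), sem)
        elif sem == 1:                  # Sem offers phi!, the pair yields tau
            yield None, (step(0), 0)


def visible_traces(sessions, max_len, use_sem=True):
    """All sequences of proper actions of length <= max_len the system can show."""
    start = (tuple(0 for _ in sessions), 0)
    seen = {(start, ())}
    todo = [(start, ())]
    traces = {()}
    while todo:
        state, trace = todo.pop()
        for label, target in successors(state, sessions, use_sem):
            new_trace = trace if label is None else trace + (label,)
            if len(new_trace) > max_len or (target, new_trace) in seen:
                continue
            seen.add((target, new_trace))
            traces.add(new_trace)
            todo.append((target, new_trace))
    return traces


def is_session_sequence(trace, sessions):
    """True if trace is a prefix of some concatenation of complete sessions."""
    if not trace:
        return True
    for s in sessions:
        if len(trace) <= len(s):
            if s[:len(trace)] == trace:
                return True
        elif trace[:len(s)] == s and is_session_sequence(trace[len(s):], sessions):
            return True
    return False


def violations(sessions, max_len, use_sem):
    """Visible traces in which some session is interrupted by another process."""
    return sorted(t for t in visible_traces(sessions, max_len, use_sem)
                  if not is_session_sequence(t, sessions))


if __name__ == "__main__":
    print("with semaphore:   ", len(violations(SESSIONS, 6, True)), "violations")
    print("without semaphore:", len(violations(SESSIONS, 6, False)), "violations")
```
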
Chapter 7

Processes with a message passing



7.1 Actions with a message passing 

The concept of a process which was introduced and studied in previous chap- 
ters, can be generalized in different ways. 

One such generalization consists of adding some parameters (or modalities)
to actions from Act, i.e. one considers processes with
actions of the form

(a, p)

where $a \in Act$, and p is a parameter which may have the following meanings:

• a complexity (or a cost) of an execution of the action a 

• a priority (or a desirability, or a plausibility) of the action a with respect 
to other actions 

• a time (or an interval of time) at which the action a was executed 

• a probability of an execution of the action a 

• or anything else. 

In this chapter we consider a variant of such generalization, which is 
related to an addition of messages to actions from Act. These messages are 
transmitted together with an execution of the actions. 
Recall our informal interpretation of the concept of an execution of an
action:

• the action a ! is executed by sending of an object whose name is a, and 

• the action a ? is executed by receiving of an object whose name is a. 

We generalize this interpretation as follows. We shall assume that processes 
can send or receive not only objects, but also pairs of the form 

(object, message) 
i.e. an action may have the form

a ! v and a ? v (7.1)

where $a \in Names$, and v is a message, which can be

• a string of symbols, 

• a material resource, 

• a bill, 

• etc. 

An execution of the actions a ! v and a ? v, consists of sending or receiving 
the object a with the message v. 
Recall that such entities as 

• a transferred object, and 

• receiving and sending of objects 

can have a virtual character (more details see in section 12731) . 

For a formal description of processes that can execute actions of the form
(7.1), we generalize the concept of a process.

7.2 Auxiliary concepts

7.2.1 Types, variables, values and constants

We assume that there is given a set Types of types, and each type $t \in Types$
is associated with a set $D_t$ of values of the type t.

Types can be denoted by identifiers. We shall use the following identifiers: 

• the type of integers is denoted by int 

• the type of boolean values (0 and 1) is denoted by bool 

• the type of messages is denoted by mes 

• the type of lists of messages is denoted by list. 
Also, we assume that there are given the following sets. 

1. The set Var, whose elements are called variables.
Every variable $x \in Var$

• is associated with a type $t(x) \in Types$, and

• can be associated with values from the set $D_{t(x)}$, i.e. at different
times the variable x can be associated with various elements of
the set $D_{t(x)}$.

2. The set Con, whose elements are called constants.
Every constant $c \in Con$ is associated with

• a type $t(c) \in Types$, and

• a value $[c] \in D_{t(c)}$, which is said to be an interpretation of the
constant c.

7.2.2 Functional symbols 

We assume that there is given a set of functional symbols (FSs), and each
FS f is associated with

• a functional type t(f), which has the form

$(t_1, \dots, t_n) \to t$ (7.2)

where $t_1, \dots, t_n, t \in Types$, and

• a function

$[f] : D_{t_1} \times \dots \times D_{t_n} \to D_t$

which is called an interpretation of the FS f.

Examples of FSs:

+, −, ·, head, tail, [ ]

where 

• the FSs + and − have the functional type

(int, int) → int

the functions [+] and [−] are the corresponding arithmetic operations

• the FS · has the functional type

(list, list) → list

the function [·] maps each pair of lists (u, v) to their concatenation
(which is obtained by writing v to the right of u)

• the FS head has the functional type

list → mes

the function [head] maps each nonempty list to its first element
(the value of [head] on an empty list can be arbitrary)

• the FS tail has the functional type

list → list

the function [tail] maps each nonempty list u to the list which is
derived from u by removing its first element
(the value of [tail] on an empty list can be arbitrary)

• the FS [ ] has the functional type

mes → list

the function [[ ]] maps each message to the list which consists only of
this message

• the FS length has the functional type

list → int

the function [length] maps each list to its length
(the length of a list is the number of messages in this list)

7.2.3 Expressions 

Expressions consist of variables, constants, and FSs, and are constructed
in the standard way. Each expression e has a type $t(e) \in Types$, which is
defined by the structure of this expression.

The rules for constructing expressions have the following form.

• Each variable or constant is an expression of the type that is associated
with this variable or constant.

• If

— f is a FS of the functional type (7.2), and

— $e_1, \dots, e_n$ are expressions of the types $t_1, \dots, t_n$ respectively

then the list $f(e_1, \dots, e_n)$ is an expression of the type t.

Let e be an expression. If each variable x occurring in e is associated with
a value $\sigma(x)$, then the expression e can be associated with a value $\sigma(e)$, which
is defined in the standard way:

• if $e = x \in Var$, then $\sigma(e) \stackrel{\mathrm{def}}{=} \sigma(x)$

(the value $\sigma(x)$ is assumed to be given)

• if $e = c \in Con$, then $\sigma(e) \stackrel{\mathrm{def}}{=} [c]$

• if $e = f(e_1, \dots, e_n)$, then

Below we shall use the following notations. 

• The symbol $\mathcal{E}$ denotes the set of all expressions.

• The symbol $\mathcal{B}$ denotes the set of expressions of the type bool.
Expressions from $\mathcal{B}$ are called formulas.

In the construction of formulas, boolean connectives ($\neg$, $\wedge$, $\vee$,
etc.) may be used, interpreted in the standard way.

The symbol $\top$ denotes a true formula, and the symbol $\bot$ denotes a
false formula.

Formulas of the form $\wedge(b_1, b_2)$, $\vee(b_1, b_2)$, etc. will be written in the more
familiar form $b_1 \wedge b_2$, $b_1 \vee b_2$, etc.

In some cases, formulas of the form

$b_1 \wedge \dots \wedge b_n$ and $b_1 \vee \dots \vee b_n$
will be written in the form 

1 1 

respectively. 

• Expressions of the form $+(e_1, e_2)$, $-(e_1, e_2)$ and $\cdot(e_1, e_2)$ will be written
in the more familiar form $e_1 + e_2$, $e_1 - e_2$ and $e_1 \cdot e_2$.

• Expressions of the form head(e), tail(e), [ ](e), and length(e) will be
written in the form $\hat{e}$, $e'$, $[e]$ and $|e|$, respectively.

• A constant of the type list, such that [c] is an empty list, will be
denoted by the symbol $\varepsilon$.
7.3 A concept of a process with a message passing

In this section we present a concept of a process with a message passing.
This concept is derived from the original concept of a process presented in
section 2.4 by the following modification.

• Among the components of a process P there are the following additional
components:

— the component $X_P$, which is called a set of variables of the
process P, and

— the component $I_P$, which is called an initial condition of the
process P.

• Transitions are labelled not by actions, but by operators. 

Before giving a formal definition of a process with a message passing, we 
shall explain a meaning of the above concepts. 

For brevity, in this chapter we shall refer to processes with a message passing
simply as processes.

7.3.1 A set of variables of a process 

We assume that each process P is associated with a set of variables

$X_P \subseteq Var$

At any time i of an execution of a process P (i = 0, 1, 2, . . .) each variable
$x \in X_P$ is associated with a value $\sigma_i(x) \in D_{t(x)}$. Values of the variables may
be modified during an execution of the process.

An evaluation of variables from $X_P$ is a family $\sigma$ of values associated
with these variables, i.e.

$\sigma = \{\sigma(x) \in D_{t(x)} \mid x \in X_P\}$

The notation $Eval(X_P)$ denotes the set of all evaluations of variables from
$X_P$.

For each time $i \geq 0$ of an execution of a process P the notation $\sigma_i$ denotes
the evaluation of variables from $X_P$ at this time.

Below we shall assume that for each process P all expressions referring
to the process P contain variables only from the set $X_P$.

7.3.2 An initial condition

Another new component of a process P is a formula $I_P \in \mathcal{B}$, which is called
an initial condition. This formula expresses a condition on the evaluation $\sigma_0$
of variables from $X_P$ at the initial time of an execution of P: $\sigma_0$ must satisfy the
condition

$\sigma_0(I_P) = 1$
7.3.3 Operators

The main difference between the new definition of a process and the old one 
is that 

• in the old definition a label of each transition is an action which is 
executed by a process, when this transition is performed, and 

• in the new definition a label of each transition is an operator i.e. a 
scheme of an action, which takes a specific form only when this 
transition is performed. 

In the definition of an operator we shall use the set Names, which was
introduced in section 2.3.

A set of all operators is divided into the following four classes. 

1. Input operators, which have the form

a ? x (7.3)

where $a \in Names$ and $x \in Var$.

An action corresponding to the operator (7.3) is executed by

• an input to the process of an object of the form (a, v), where

— a is the name referred to in (7.3), and

— v is a message

and

• a record of the message v in the variable x

i.e. after an execution of this action the value of the variable x becomes
equal to v.

2. Output operators, which have the form

a ! e (7.4)

where $a \in Names$ and $e \in \mathcal{E}$.

An action corresponding to the operator (7.4) is executed by an output
of an object of the form (a, v) from the process, where

• a is the name referred to in (7.4), and

• v is the value of the expression e on the current evaluation of variables
of the process.

3. Assignments (first type of internal operators), which have the form 

x := e (7.5) 

where 

• $x \in Var$, and

• $e \in \mathcal{E}$, where t(e) = t(x)

An action corresponding to the operator (7.5) is executed by updating
the value associated with the variable x: after an execution of this
operator this value becomes equal to the value of the expression e on the
current evaluation of variables of the process.

4. Conditional operators (second type of internal operators), which
have the form

(b)

where $b \in \mathcal{B}$.

An action corresponding to the operator (b) is executed by a calculation
of the value of the formula b on the current evaluation of variables of the
process, and

• if this value is 0, then an execution of the whole action is impossible, and

• if this value is 1, then the execution is completed.

The set of all operators is denoted by the symbol $\mathcal{O}$.

7.3.4 Definition of a process 

A process is a 5-tuple P of the form

$P = (X_P, I_P, S_P, s^0_P, R_P)$ (7.6)

whose components have the following meanings:

1. $X_P \subseteq Var$ is a set of variables of the process P

2. $I_P \in \mathcal{B}$ is a formula, called an initial condition of the process P

3. $S_P$ is a set of states of the process P

4. $s^0_P \in S_P$ is an initial state

5. $R_P$ is a subset of the form

$R_P \subseteq S_P \times \mathcal{O} \times S_P$

Elements of $R_P$ are called transitions.
If a transition from $R_P$ has the form $(s_1, op, s_2)$, then we denote it as

$s_1 \xrightarrow{op} s_2$

and say that

• the state $s_1$ is a start of this transition,

• the state $s_2$ is an end of this transition,

• the operator op is a label of this transition.

Also, we assume that for each process P the set $X_P$ contains a special
variable $at_P$, which takes values in $S_P$.
7.3.5 An execution of a process 

Let P be a process of the form (7.6).

An execution of the process P is a traversal of the set $S_P$ of its states

• starting from the initial state $s^0_P$,

• through transitions from $R_P$, and

• with an execution of the operators which are labels of the visited transitions.

In more detail: at each step $i \geq 0$ of an execution

• the process P is located at some state $s_i$
($s_0 = s^0_P$)

• there is defined an evaluation $\sigma_i \in Eval(X_P)$
($\sigma_0(I_P)$ must be equal to 1)

• if there is a transition from $R_P$ starting at $s_i$, then the process

— selects a transition starting at $s_i$ which is labelled by an
operator $op_i$ that can be executed at the current step (i),

(if there are no such transitions, then the process P suspends until
such a transition appears)

— executes the operator $op_i$, and then

— moves to the state $s_{i+1}$ which is the end of the selected transition

• if there is no transition in $R_P$ starting at $s_i$, then the process completes
its work.

For each $i \geq 0$ the evaluation $\sigma_{i+1}$ is determined

• by the evaluation $\sigma_i$, and

• by the operator $op_i$, which is executed at the i-th step of an execution of
the process P.

The relationship between $\sigma_i$, $\sigma_{i+1}$, and $op_i$ has the following form:

1. if $op_i = a\,?\,x$, and during the execution of this operator a
message v was input, then

$\sigma_{i+1}(x) = v$

$\forall y \in X_P \setminus \{x, at_P\} \quad \sigma_{i+1}(y) = \sigma_i(y)$

2. if $op_i = a\,!\,e$, then during the execution of this operator the
message

$\sigma_i(e)$

is output, and the values of variables from $X_P \setminus \{at_P\}$ are not changed:

$\forall x \in X_P \setminus \{at_P\} \quad \sigma_{i+1}(x) = \sigma_i(x)$

3. if $op_i = (x := e)$, then

$\sigma_{i+1}(x) = \sigma_i(e)$

$\forall y \in X_P \setminus \{x, at_P\} \quad \sigma_{i+1}(y) = \sigma_i(y)$

4. if $op_i = (b)$ and $\sigma_i(b) = 1$, then

$\forall x \in X_P \setminus \{at_P\} \quad \sigma_{i+1}(x) = \sigma_i(x)$

We assume that for each $i \geq 0$ the value of the variable $at_P$ on the evaluation
$\sigma_i$ is equal to the state $s \in S_P$ at which the process P is located at step i, i.e.

• $\sigma_0(at_P) = s^0_P$

• $\sigma_1(at_P) = s_1$, where $s_1$ is the end of the first transition

• $\sigma_2(at_P) = s_2$, where $s_2$ is the end of the second transition

• etc.

7.4 Representation of processes by flowcharts 

For greater clarity, a process can be represented by a flowchart.

The language of flowcharts originated in programming, where the use of this
language can greatly facilitate the description and understanding of algorithms
and programs.

7.4.1 The notion of a flowchart 

A flowchart is a directed graph, each node n of which 

• is associated with an operator op(n), and 

• is depicted as one of the following geometric figures: a rectangle, an
oval, or a circle, inside of which a label indicating op(n) can be contained.

An operator op(n) can have one of the following forms.

initial operator:

(7.7)

where $Init \in \mathcal{B}$ is a formula, called an initial condition.

assignment operator:

(7.8)

where

• $x \in Var$,

• $e \in \mathcal{E}$, where t(e) = t(x)

conditional operator:

(7.9)

where $b \in \mathcal{B}$.

sending operator:

a ! e (7.10)

where

• $a \in Names$ is a name
(for example, it can be a destination of a message which will be
sent), and

• $e \in \mathcal{E}$ is an expression whose value is a message which will be sent,

receiving operator:

a ? x (7.11)

where

• $a \in Names$ is a name
(for example, it can be an expected source of a message which will
be received), and

• $x \in Var$ is a variable in which a received message will be recorded.

choice:

(7.12)

join:

(7.13)

Sometimes

• a circle representing this operator, and

• ends of some edges leading to this circle

are not pictured. That is, for example, a fragment of a flowchart of the
form


can be pictured as follows:


halt:

(7.14)

Flowcharts must meet the following conditions:

• there can be only one node of the type (7.7)
(this node is called a start node)

• there is only one edge outgoing from nodes of the types (7.7), (7.8),
(7.10), (7.11), (7.13)

• there are one or two edges outgoing from nodes of the type (7.9), and

— if there is only one edge outgoing from a node of the type (7.9),
then this edge has the label "+", and

— if there are two edges outgoing from a node of the type (7.9), then

* one of them has the label "+", and

* the other has the label "−".

• there is only one edge leading to a node of the type (7.12)

• there are no edges outgoing from a node of the type (7.14)

7.4.2 An execution of a flowchart 

An execution of a flowchart is a sequence of transitions

• from one node to another along edges,

• starting from the start node $n_0$, and

• with an execution of the operators which correspond to the visited nodes.

In more detail: each step $i \geq 0$ of an execution of a flowchart is associated
with some node $n_i$, which is called the current node, and

• if $n_i$ is not of the type (7.14), then after an execution of the operator
corresponding to the node $n_i$ a transition is performed along an edge
outgoing from $n_i$ to a node which will be the current node at the next step of
the execution

• if $n_i$ is of the type (7.14), then the execution of the flowchart is
completed.

Let X be the set of all variables occurring in the flowchart.
At each step i of an execution (i = 0, 1, . . .) each variable $x \in X$ is
associated with a value $\sigma_i(x)$.
The family $\{\sigma_i(x) \mid x \in X\}$

• is denoted by $\sigma_i$, and

• is called an evaluation of variables of the flowchart at the i-th step of its
execution.

The evaluation $\sigma_0$ must meet the initial condition Init, i.e. the following
statement must be true:

$\sigma_0(Init) = 1$

An operator $op(n_i)$ associated with the current node $n_i$ is executed as follows.

• If $op(n_i)$ has the type (7.8), then the value $\sigma_i(e)$ is recorded in x, i.e.

$\sigma_{i+1}(x) \stackrel{\mathrm{def}}{=} \sigma_i(e)$

$\forall y \in X \setminus \{x\} \quad \sigma_{i+1}(y) \stackrel{\mathrm{def}}{=} \sigma_i(y)$

• If $op(n_i)$ has the type (7.9), then

— if $\sigma_i(b) = 1$, then a transition along the edge outgoing from $n_i$ with
the label "+" is performed

— if $\sigma_i(b) = 0$, and there is an edge outgoing from $n_i$ with the label
"−", then a transition along this edge is performed

— if $\sigma_i(b) = 0$, and there is no edge outgoing from $n_i$ with the label
"−", then an execution of $op(n_i)$ is impossible.

• If $op(n_i)$ has the type (7.10), then an execution of this operator consists
of sending the object

$(a, \sigma_i(e))$ (7.15)

if it is possible.

If sending the object (7.15) is impossible, then an execution of $op(n_i)$
is impossible.

• If $op(n_i)$ has the type (7.11), then an execution of this operator consists
of

— receiving the object

(a, v) (7.16)

(if it is possible), and

— recording v in the variable x, i.e.

$\sigma_{i+1}(x) \stackrel{\mathrm{def}}{=} v$

$\forall y \in X \setminus \{x\} \quad \sigma_{i+1}(y) \stackrel{\mathrm{def}}{=} \sigma_i(y)$

If receiving the object (7.16) is impossible, then an execution of $op(n_i)$
is impossible.

• If the current node $n_i$ is associated with an operator of the type (7.12),
then

— among the nodes which are ends of edges outgoing from $n_i$, a node n
is selected which is labelled by an operator that can be executed at
the current time, and

— a transition to the node n is performed.

If there are several operators which can be executed at the current time,
then the selection of the node n is performed non-deterministically.

• An operator of the type (7.14) completes an execution of the flowchart.

7.4.3 Construction of a process defined by a flowchart 

An algorithm for the construction of a process defined by a flowchart has the
following form.

1. On every edge of the flowchart a point is selected.

2. For

• each node n of the flowchart which is not of the type (7.12) or
(7.13), and

• each pair $F_1$, $F_2$ of edges of the flowchart such that $F_1$ is incoming
to n, and $F_2$ is outgoing from n

the following actions are performed:

(a) an arrow f is drawn from the point on $F_1$ to the point on $F_2$

(b) a label label(f) is drawn on the arrow f, defined as follows:

i. if op(n) has the type (7.8), then

$label(f) \stackrel{\mathrm{def}}{=} (x := e)$

ii. if op(n) has the type (7.9), and an edge outgoing from n has
the label "+", then

$label(f) \stackrel{\mathrm{def}}{=} (b)$

iii. if op(n) has the type (7.9), and an edge outgoing from n has
the label "−", then

$label(f) \stackrel{\mathrm{def}}{=} (\neg b)$

iv. if op(n) has the type (7.10) or (7.11), then $label(f) \stackrel{\mathrm{def}}{=} op(n)$.

3. For each node n of the type (7.12) and each edge F outgoing from n,
the following actions are performed. Let

• p be the point on the edge incoming to n,

• p' be the point on F,

• n' be the end of F, and

• p'' be the point on the edge outgoing from n'.

Then

• the arrow from p' to p'' is replaced by an arrow from p to p'' with
the same label, and

• the point p' is removed.

4. For each node n of the type (7.13) and each edge F incoming to n,
the following actions are performed. Let

• p be the point on the edge outgoing from n,

• p' be the point on F,

• n' be the start of F, and

• p'' be the point on the edge incoming to n'.

Then

• the arrow from p'' to p' is replaced by an arrow from p'' to p with
the same label, and

• the point p' is removed.

5. The states of the constructed process are the remaining points.

6. The initial state $s^0_P$ is defined as follows.

• If the point which was selected on the edge outgoing from the start
node of the flowchart was not removed, then $s^0_P$ is this point.

• If this point was removed, then the end of the edge outgoing from
the start node of the flowchart is a node n of the type (7.13). In this
case, $s^0_P$ is the point on the edge outgoing from n.

7. The transitions of the process correspond to the pictured arrows: for each
such arrow f the process contains a transition

$s_1 \xrightarrow{label(f)} s_2$

where $s_1$ and $s_2$ are the start and the end of the arrow f respectively.

8. The set of variables of the process consists of

• all variables occurring in any operator of the flowchart, and

• the variable $at_P$.

9. The initial condition of the process coincides with the initial condition
Init of the flowchart.

7.5 An example of a process with a message passing
In this section we consider a process "buffer" as an example of a process with 
a message passing: 

• at first, we define this process as a flowchart, and 

• then we transform this flowchart to a standard graph representation of 
a process. 

7.5.1 The concept of a buffer 

A buffer is a system which has the following properties.

• It is possible to input messages to a buffer.

A message which is entered into the buffer is stored in the buffer.

Messages which are stored in a buffer can be extracted from the buffer.

We assume that a buffer can store not more than a given number of
messages. If n is such a number, then we shall denote the buffer as
$Buffer_n$.

• At each time the list of messages

$c_1, \dots, c_k \quad (0 \leq k \leq n)$ (7.17)

stored in $Buffer_n$ is called a content of the buffer.

The number k in (7.17) is called a size of this content.

The case k = 0 corresponds to the situation when the content of the
buffer is empty.

• If at the current time the content of $Buffer_n$ has the form (7.17), and k < n,
then

— the buffer can accept any message, and

— after an execution of the action of an input of a message c the content
of the buffer becomes

$c_1, \dots, c_k, c$

• If at the current time the content of $Buffer_n$ has the form (7.17), and k > 0,
then

— it is possible to extract the message $c_1$ from the buffer, and

— after an execution of this operation the content of the buffer becomes

$c_2, \dots, c_k$

Thus, at each time the content of a buffer is a queue of messages, and

• each action of an input of a message to the buffer adds this message to
the end of the queue, and

• each action of an output of a message from the buffer

— extracts the first message of this queue, and

— removes this message from the queue.

A queue with the above operations is called a queue of the type FIFO
(First Input - First Output).
7.5.2 Representation of a buffer by a flowchart

In this section we present a formal description of the concept of a buffer by 
a flowchart. 

In this flowchart 

• an operation of an input of a message to a buffer is represented by an 
action with the name In, and 

• an operation of an output of a message from a buffer is represented by 
an action with the name Out. 

The flowchart has the following variables: 

• the variable n of the type int, its value does not change, it is equal to 
the maximal size of a content of the buffer 

• the variable k of the type int, its value is equal to a size of a content 
of the buffer at current time 

• the variable f of the type mes, this variable will store messages that 
will come to the buffer 

• the variable q of the type list, this variable will store a content of the 
buffer. 

A flowchart representing a behavior of a buffer has the following form 
(notations used in this flowchart were defined in section 7.2.3): 

[Figure: flowchart of the buffer. Conditions: $k < n$, $k > 0$. Actions: $In\,?\,f$, $Out\,!\,q$. Assignments: $q := q \cdot [f]$, $k := k + 1$, $q := q'$, $k := k - 1$.] 

7.5.3 Representation of a buffer as a process 

To construct a process $Buffer_n$, which corresponds to the above flowchart, 
we select points at its edges: 

[Figure: the flowchart above with points selected at its edges. Initial condition at the start node: $(n > 0) \wedge (q = \varepsilon) \wedge (k = 0)$.] 

In a construction of a process defined by this flowchart, the points A, G, 
H, K and N will be removed. 

A standard graph representation of the process $Buffer_n$ is the following. 

[Figure: graph representation of the process $Buffer_n$] 


7.6 Operations on processes with a message passing 

Operations on processes with a message passing are similar to operations 
which are considered in chapter 3. 



7.6.1 Prefix action 

Let P be a process, and op be an operator. 

The process $op.P$ is obtained from $P$ by adding 

• a new state $s$, which is an initial state of $op.P$, 

• a new transition $s \xrightarrow{op} s^0_P$, and 

• all variables from $op$. 
7.6.2 Alternative composition 

Let $P_1$, $P_2$ be processes such that $S_{P_1} \cap S_{P_2} = \emptyset$. 

Define a process $P_1 + P_2$, which is called an alternative composition 
of $P_1$ and $P_2$, as follows. 

• sets of its states, transitions, and an initial state are determined in the 
same way as corresponding components of an alternative composition 
in chapter 3 (section 3.3) 

• $X_{P_1+P_2} \stackrel{\mathrm{def}}{=} X_{P_1} \cup X_{P_2}$ 

• $I_{P_1+P_2} \stackrel{\mathrm{def}}{=} I_{P_1} \wedge I_{P_2}$ 

If $S_{P_1} \cap S_{P_2} \ne \emptyset$, then for a construction of the process $P_1 + P_2$ it is 
necessary 

• to replace in $S_{P_2}$ those states that are also in $P_1$ by new states, and 

• to modify accordingly other components of $P_2$. 

7.6.3 Parallel composition 

Let $P_1$ and $P_2$ be processes such that $X_{P_1} \cap X_{P_2} = \emptyset$. 

Define a process $P_1 \,|\, P_2$, which is called a parallel composition of $P_1$ 
and $P_2$, as follows: 

• a set of its states and its initial state are defined in the same way as 
the corresponding components of the process $P_1 \,|\, P_2$ in chapter 3 

• $X_{P_1|P_2} \stackrel{\mathrm{def}}{=} X_{P_1} \cup X_{P_2}$, 
$I_{P_1|P_2} \stackrel{\mathrm{def}}{=} I_{P_1} \wedge I_{P_2}$ 

• the set of transitions of the process $P_1 \,|\, P_2$ is defined as follows: 

— for 

* each transition $s_1 \xrightarrow{op} s_1'$ of the process $P_1$, and 

* each state $s$ of the process $P_2$ 

the process $P_1 \,|\, P_2$ contains the transition 

$$(s_1, s) \xrightarrow{op} (s_1', s)$$

— for 

* each transition $s_2 \xrightarrow{op} s_2'$ of the process $P_2$, and 

* each state $s$ of the process $P_1$ 

the process $P_1 \,|\, P_2$ contains the transition 

$$(s, s_2) \xrightarrow{op} (s, s_2')$$

— for each pair of transitions of the form 

$$s_1 \xrightarrow{op_1} s_1' \in R_{P_1}, \qquad s_2 \xrightarrow{op_2} s_2' \in R_{P_2}$$

where 

* one of the operators $op_1$, $op_2$ has the form $a\,?\,x$, 

* and another has the form $a\,!\,e$, where $t(x) = t(e)$ 
(names in both the operators are equal) 

the process $P_1 \,|\, P_2$ contains the transition 

$$(s_1, s_2) \xrightarrow{x := e} (s_1', s_2')$$

If $X_{P_1} \cap X_{P_2} \ne \emptyset$, then before a construction of the process $P_1 \,|\, P_2$ it is 
necessary to replace variables which occur in both processes by new variables. 

7.6.4 Restriction and renaming 

Definitions of these operations are the same as the definitions of the 
corresponding operations in chapter 3. 

7.7 Equivalence of processes 

7.7.1 The concept of a concretization of a process 

Let P be a process. 

We shall denote by $Conc(P)$ a process in the original sense of this concept 
(see section 2.4), which is called a concretization of the process $P$, and has 
the following components. 

1. States of $Conc(P)$ are 

• all evaluations from $Eval(X_P)$, and 

• an additional state $s^0$, which is an initial state of $Conc(P)$ 

2. For 

• each transition $s_1 \xrightarrow{op} s_2$ of the process $P$, and 

• each evaluation $\sigma \in Eval(X_P)$, such that 

$$\sigma(at_P) = s_1$$

$Conc(P)$ has a transition 

$$\sigma \xrightarrow{a} \sigma'$$

if $\sigma'(at_P) = s_2$, and one of the following conditions is satisfied: 

• — $op = a\,?\,x$, $a = a\,?\,v$, where $v \in D_{t(x)}$ 

— $\sigma'(x) = v$, $\forall y \in X_P \setminus \{x, at_P\} \;\; \sigma'(y) = \sigma(y)$ 

• — $op = a\,!\,e$, $a = a\,!\,\sigma(e)$ 

— $\forall x \in X_P \setminus \{at_P\} \;\; \sigma'(x) = \sigma(x)$ 

• — $op = (x := e)$, $a = \tau$ 

— $\sigma'(x) = \sigma(e)$, $\forall y \in X_P \setminus \{x, at_P\} \;\; \sigma'(y) = \sigma(y)$ 

• — $op = (b)$, $\sigma(b) = 1$, $a = \tau$ 

— $\forall x \in X_P \setminus \{at_P\} \;\; \sigma'(x) = \sigma(x)$ 

3. For 

• each evaluation $\sigma \in Eval(X_P)$, such that 

$$\sigma(I_P) = 1$$

• and each transition of $Conc(P)$ of the form $\sigma \xrightarrow{a} \sigma'$ 

$Conc(P)$ has the transition $s^0 \xrightarrow{a} \sigma'$ 
From the definitions of 
• the concept of an execution of a process with a message passing (see 
section 7.3.5), and 

• the concept of an execution of a process in the original sense (see section 

it follows that there is a one-to-one correspondence between 

• the set of all variants of an execution of the process P, and 

• the set of all variants of an execution of Conc(P). 

A reader is invited to investigate the commutativity property of the map- 
ping $Conc$ with respect to the operations on processes, i.e. to check statements 
of the form 

$$Conc(P_1 \,|\, P_2) = Conc(P_1) \,|\, Conc(P_2)$$

etc. 

7.7.2 Definition of equivalences of processes 

We define that every pair $(P_1, P_2)$ of processes with a message passing is in 
the same equivalence ($\sim$, $\approx$, …), in which is a pair of concretizations of 
these processes, i.e. 

$$P_1 \sim P_2 \;\Leftrightarrow\; Conc(P_1) \sim Conc(P_2), \quad \text{etc.}$$

A reader is invited to 

• explore a relationship of the operations on processes with various equiv- 
alences ($\sim$, $\approx$, …), i.e. to establish properties, which are similar to the 
properties presented in sections 3.7, 4.5, 4.8.4, 4.9.5 

• formulate and prove necessary and sufficient conditions of equivalence 
($\sim$, $\approx$, …) of processes that do not use the concept of a concretization 
of a process. 
7.8 Processes with composite operators 



7.8.1 A motivation of the concept of a process with 
composite operators 

The complexity of the problem of an analysis of a process essentially depends on 
the size of its description (in particular, on the number of its states). Therefore, 
a construction of efficient algorithms of an analysis of processes requires 
methods that decrease the complexity of a description of the 
analyzed processes. In this section we consider one such method. 

In this section we generalize the concept of a process to the concept 
of a process with composite operators. A composite operator is a sequential 
composition of several operators. Due to the fact that we combine a sequence 
of operators in a single composite operator, we are able to exclude from a 
description of a process those states which are at intermediate locations of 
this sequence of operators. 

Also in this section we define the concept of a reduction of processes with 
composite operators in such a way that a reduced process 

• has a less complicated description than an original process, and 

• is equivalent (in some sense) to an original process. 

With use of the above concepts, the problem of an analysis of a process 
can be solved as follows. 

1. First, we transform an original process P to a process P' with composite 
operators, which is similar to P. 

2. Then we reduce P', getting a process P", whose complexity can be 
significantly less than a complexity of the original process P. 

3. After this, we 

• perform an analysis of P", and 

• use results of this analysis for drawing a conclusion about proper- 
ties of the original process P. 
7.8.2 A concept of a composite operator 

A composite operator (CO) is a finite sequence $Op$ of operators 

$$Op = (op_1, \ldots, op_n) \qquad (n \ge 1) \tag{7.18}$$

which has the following properties. 

1. $op_1$ is a conditional operator. 

2. The sequence $(op_2, \ldots, op_n)$ 

• does not contain conditional operators, and 

• contains no more than one input or output operator. 

If $Op$ is a CO of the form (7.18), then we shall denote by 

$$cond(Op)$$

a formula $b$ such that $op_1 = (b)$. 

Let $Op$ be a CO. 

• $Op$ is said to be an input CO (or an output CO), if among operators 
belonging to $Op$, there is an input (or an output) operator. 

• $Op$ is said to be an internal CO, if all operators belonging to $Op$ are 
internal. 

• If $Op$ is an input CO (or an output CO), then the notation 

$$name(Op)$$

denotes a name occurring in $Op$. 

• If $\sigma$ is an evaluation of variables occurring in $cond(Op)$, then we say 
that $Op$ is open on $\sigma$, if 

$$\sigma(cond(Op)) = 1$$

7.8.3 A concept of a process with COs 

A concept of a process with COs differs from the concept of a process in 
section 7.3.4 only in the following: labels of transitions of a process with COs 
are COs. 
7.8.4 An execution of a process with COs 

An execution of a process with COs 

• is defined in much the same way as an execution of a process is defined in 
section 7.3.5, and 

• is also a bypass of a set of its states, 

— starting from an initial state, and 

— with an execution of COs which are labels of visited transitions. 

Let $P = (X_P, I_P, S_P, s^0_P, R_P)$ be a process with COs. 
At each step $i \ge 0$ of an execution of $P$ 

• the process $P$ is located at some state $s_i$ ($s_0 = s^0_P$) 

• there is defined an evaluation $\sigma_i$ of variables from $X_P$ 

$$(\sigma_0(I_P) = 1, \quad \sigma_i(at_P) = s_i)$$

• if there is a transition from $R_P$, starting at $s_i$, then the process 

— selects a transition starting at $s_i$, which is labelled by a CO $Op_i$ 
with the following properties: 

* $Op_i$ is open on $\sigma_i$, 

* if among operators occurring in $Op_i$ there is an operator of the 
form 

$$a\,?\,x \quad \text{or} \quad a\,!\,e$$

then at current time the process $P$ can execute an action of 
the form 

$$a\,?\,v \quad \text{or} \quad a\,!\,v$$

respectively 

(if there are no such transitions, then the process $P$ suspends until 
such a transition appears) 

— executes sequentially all operators occurring in $Op_i$, with a corre- 
sponding modification of current evaluation after an execution of 
each operator occurring in $Op_i$, and thereafter 

— turns to the state $s_{i+1}$, which is an end of the selected transition 

• if there is no transition in $R_P$ starting at $s_i$, then the process completes 
its work. 
7.8.5 Operations on processes with COs 

Definitions of operations on processes with COs almost coincide with corre- 
sponding definitions in section 7.6, so we only point out the differences in 
these definitions. 

• In definitions of all operations COs are mentioned instead of operators. 

• Definitions of the operation " | " differ only in the item, which is related 
to a description of "diagonal" transitions. 

For processes with COs this item has the following form: for each pair 
of transitions of the form 

$$s_1 \xrightarrow{Op_1} s_1' \in R_{P_1}, \qquad s_2 \xrightarrow{Op_2} s_2' \in R_{P_2}$$

where one of the COs $Op_1$, $Op_2$ has the form 

$$(op_1, \ldots, op_i,\; a\,?\,x,\; op_{i+1}, \ldots, op_n)$$

and another of the COs has the form 

$$(op'_1, \ldots, op'_j,\; a\,!\,e,\; op'_{j+1}, \ldots, op'_m)$$

where $t(x) = t(e)$ (the subsequences $(op_{i+1}, \ldots, op_n)$ and $(op'_{j+1}, \ldots, op'_m)$ 
may be empty), the process $P_1 \,|\, P_2$ has the transition 

$$(s_1, s_2) \xrightarrow{Op} (s_1', s_2')$$

where $Op$ has the form 

$$\big(\, (cond(Op_1) \wedge cond(Op_2)),\; op_2, \ldots, op_i,\; op'_2, \ldots, op'_j,\; (x := e),\; op_{i+1}, \ldots, op_n,\; op'_{j+1}, \ldots, op'_m \,\big)$$
7.8.6 Transformation of processes with a message passing to processes with COs 

Each process with a message passing can be transformed to a process with 
COs by a replacement of labels of its transitions: for each transition 



its label $op$ is replaced by a CO $Op$, defined as follows. 

• If $op$ is a conditional operator, then 

$$Op \stackrel{\mathrm{def}}{=} (op)$$

• If $op$ is 

— an assignment operator, or 

— an input or output operator 

then $Op \stackrel{\mathrm{def}}{=} ((\top), op)$ 

(recall that $\top$ is a true formula) 

For each process with a message passing P we denote the corresponding 
process with COs by the same symbol P. 

7.8.7 Sequential composition of COs 

In this section, we introduce the concept of a sequential composition of 
COs: for some pairs $(Op_1, Op_2)$ of COs we define a CO, which is denoted as 

$$Op_1 \cdot Op_2 \tag{7.19}$$

and is called a sequential composition of the COs $Op_1$ and $Op_2$. 

A necessary condition of a possibility to define a sequential composition 
(7.19) is the condition that at least one of the COs $Op_1$, $Op_2$ is internal. 
Below we shall use the following notations. 

1. For 

• each CO $Op = (op_1, \ldots, op_n)$, and 

• each assignment operator $op$ 

the notation $Op \cdot op$ denotes the CO 

$$(op_1, \ldots, op_n, op) \tag{7.20}$$

2. For 

• each internal CO $Op = (op_1, \ldots, op_n)$, and 

• each input or output operator $op$ 

the notation $Op \cdot op$ denotes CO (7.20) 

3. For 

• each CO $Op = (op_1, \ldots, op_n)$, and 

• each conditional operator $op = (b)$ 

the notation $Op \cdot op$ denotes an object that 

• either is a CO 

• or is not defined. 

This object is defined recursively as follows. 
If $n = 1$, then 

$$Op \cdot op \stackrel{\mathrm{def}}{=} ((cond(Op) \wedge b))$$

If $n > 1$, then 

• if $op_n$ is an assignment operator of the form $(x := e)$, then 

$$Op \cdot op \stackrel{\mathrm{def}}{=} \big(\underbrace{(op_1, \ldots, op_{n-1}) \cdot op_n(op)}_{(*)}\big) \cdot op_n$$

where 

— $op_n(op)$ is a conditional operator, which is obtained from $op$ 
by a replacement of all occurrences of the variable $x$ by the 
expression $e$ 

— if the object $(*)$ is undefined, then $Op \cdot op$ also is undefined 

• if $op_n$ is an output operator, then $Op \cdot op$ is the CO 

$$((op_1, \ldots, op_{n-1}) \cdot op) \cdot op_n \tag{7.21}$$

• if $op_n$ is an input operator, and has the form $a\,?\,x$, then $Op \cdot op$ 

— is undefined, if $op$ depends on $x$, and 

— is equal to CO (7.21), otherwise. 

Now we can formulate a definition of a sequential composition of COs. 
Let $Op_1$, $Op_2$ be COs, and $Op_2$ has the form 

$$Op_2 = (op_1, \ldots, op_n)$$

We shall say that there is defined a sequential composition of $Op_1$ 
and $Op_2$, if the following conditions are met: 

• at least one of the COs $Op_1$, $Op_2$ is internal 

• there are no undefined objects in the parentheses in the expression 

$$(\ldots((Op_1 \cdot op_1) \cdot op_2) \cdot \ldots) \cdot op_n \tag{7.22}$$

If these conditions are met, then a sequential composition of $Op_1$ and $Op_2$ 
is a value of expression (7.22). This CO is denoted by 

$$Op_1 \cdot Op_2$$
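
The recursive definition above reads directly as an algorithm. The following Python sketch is an added example, not code from the book: the tuple encoding of operators and expressions and the names `subst`, `depends`, `append_op` and `seq` are assumptions made here, `None` stands for "undefined", and a condition of the form ⊤ ∧ b is written simply as b.

```python
# Operators are tuples: ("cond", b), ("assign", x, e), ("in", name, x), ("out", name, e).
# Expressions are variables (str), constants, or tuples (operator_symbol, arg, ...).
# A CO is a list of operators whose first element is a conditional operator.

def subst(expr, x, e):
    """Replace every occurrence of variable x in expr by expression e."""
    if expr == x:
        return e
    if isinstance(expr, tuple):
        return (expr[0],) + tuple(subst(a, x, e) for a in expr[1:])
    return expr

def depends(expr, x):
    """True if variable x occurs in expr."""
    if isinstance(expr, tuple):
        return any(depends(a, x) for a in expr[1:])
    return expr == x

def is_internal(Op):
    return all(o[0] in ("cond", "assign") for o in Op)

def conj(a, b):
    """a AND b, with the true formula (Python True) dropped."""
    return b if a is True else a if b is True else ("and", a, b)

def append_op(Op, op):
    """Op . op for a single operator op; None when the result is undefined."""
    kind = op[0]
    if kind == "assign":                          # notation 1
        return Op + [op]
    if kind in ("in", "out"):                     # notation 2: Op must be internal
        return Op + [op] if is_internal(Op) else None
    b = op[1]                                     # notation 3: op = (b)
    if len(Op) == 1:
        return [("cond", conj(Op[0][1], b))]
    last = Op[-1]
    if last[0] == "assign":                       # push (b) through x := e
        b = subst(b, last[1], last[2])
    elif last[0] == "in" and depends(b, last[2]):
        return None                               # b reads the received variable
    inner = append_op(Op[:-1], ("cond", b))
    return None if inner is None else inner + [last]

def seq(Op1, Op2):
    """Sequential composition Op1 . Op2, or None if it is not defined."""
    if not (is_internal(Op1) or is_internal(Op2)):
        return None
    result = Op1
    for op in Op2:
        result = append_op(result, op)
        if result is None:
            return None
    return result

# Constructed sample COs, modelled on the operators of the buffer process.
GUARD = [("cond", ("<", "k", "n"))]
INPUT = [("cond", True), ("in", "In", "f")]
PUSH = [("cond", True), ("assign", "q", ("app", "q", "f"))]
INC = [("cond", True), ("assign", "k", ("+", "k", 1))]
```

Composing `GUARD`, `INPUT`, `PUSH` and `INC` in that order yields the four-operator CO that labels the input transition of the buffer, while `seq(INC, [("cond", (">", "k", 0))])` shows the substitution step: the guard becomes `k + 1 > 0`.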

7.8.8 Reduction of processes with COs 

Let $P$ be a process with COs. 

A reduction of $P$ is a sequence 

$$P = P_0 \to P_1 \to \ldots \to P_n \tag{7.23}$$

of transformations of this process, each of which is performed according to 
any of the reduction rules described below. Each of these transformations 
(except the first) is made on the result of the previous transformation. 

A result of the reduction (7.23) is a result of the last transformation (i.e. 
the process $P_n$). 

Reduction rules have the following form. 

Rule 1 (sequential composition). 

Let $s$ be a state of a process with COs, which is not an initial state, 
and 

• a set of all transitions of this process with an end $s$ has the form 

$$s_1 \xrightarrow{Op_1} s, \;\ldots,\; s_n \xrightarrow{Op_n} s$$

• a set of all transitions of this process with a start $s$ has the form 

$$s \xrightarrow{Op'_1} s'_1, \;\ldots,\; s \xrightarrow{Op'_m} s'_m$$

• $s \notin \{s_1, \ldots, s_n, s'_1, \ldots, s'_m\}$ 

• for each $i = 1, \ldots, n$ and each $j = 1, \ldots, m$ there is defined the 
sequential composition 

$$Op_i \cdot Op'_j$$

Then this process can be transformed to a process 

• states of which are states of the original process, with the excep- 
tion of $s$ 

• transitions of which are 

— transitions of the original process, a start or an end of which 
is not $s$, and 

— transitions of the form 

$$s_i \xrightarrow{Op_i \cdot Op'_j} s'_j$$

for each $i = 1, \ldots, n$ and each $j = 1, \ldots, m$ 

• — an initial state of which, 

— a set of variables, and 

— an initial condition 

coincide with the corresponding components of the original pro- 
cess. 

Rule 2 (gluing). 

Let $P$ be a process with COs, which has two transitions with a common 
start and a common end: 

$$s_1 \xrightarrow{Op} s_2, \qquad s_1 \xrightarrow{Op'} s_2 \tag{7.24}$$

and labels of these transitions differ only in first components, i.e. $Op$ 
and $Op'$ have the form 

$$Op = (op_1, op_2, \ldots, op_n)$$
$$Op' = (op'_1, op_2, \ldots, op_n)$$

Rule 2 is a replacement of the pair of transitions (7.24) by a transition 

$$s_1 \xrightarrow{Op} s_2$$

where $Op = ((cond(Op) \vee cond(Op')), op_2, \ldots, op_n)$ 

Rule 3 (removal of inessential assignments). 

Let 

• $P$ be a process with COs, and 

• $op(P)$ be a set of all operators occurring in COs of $P$. 

A variable $x \in X_P$ is said to be inessential, if 

• $x$ does not occur in 

— conditional operators, and 

— output operators 

in $op(P)$, 

• if $x$ has an occurrence in the right side of any assignment operator 
from $op(P)$ of the form $(y := e)$, then the variable $y$ is inessential. 

Rule 3 is a removal from all COs of all assignment operators of the 
form $(x := e)$, where the variable $x$ is inessential. 

7.8.9 An example of a reduction 

In this section we consider a reduction of the process $Buffer_n$, the graph 
representation of which is given in section 7.5.3. 
Below we use the following agreements. 

• If $Op$ is a CO such that 

$$cond(Op) = \top$$

then the first operator in this CO will be omitted. 

• Operators in COs can be placed vertically. 

• Brackets, which embrace a sequence of operators consisting in a CO, 
can be omitted. 

The original process $Buffer_n$ has the following form: 

[Figure: graph representation of the original process $Buffer_n$] 

First reduction step is a removing of the state C (we apply rule 1 for 
s = C): 

Since $n > 0$, the formula $(k < n) \wedge (k \le 0)$ in the label of the 
transition from B to D can be replaced by the equivalent formula $k \le 0$. 

Second and third reduction steps are removing of states O and P: 

Fourth and fifth reduction steps are removing of the states D and E: 

Seventh and eighth reduction steps consist of an application of rule 2 to 
the transitions from B to L and from B to M. In the resulting process, we 
replace 

• the formula $(0 < k < n) \vee (k \le 0)$ by the equivalent formula $k < n$, 
and 

• the formula $(0 < k < n) \vee (k \ge n)$ by the equivalent formula $k > 0$. 

Ninth and tenth reduction steps are removing of states L and M. 

[Figure: a process with a single state and two transitions from this state to itself, labelled by the following COs] 

$$\begin{array}{l} (k < n) \\ In\,?\,f \\ q := q \cdot [f] \\ k := k + 1 \end{array} \qquad\qquad \begin{array}{l} (k > 0) \\ Out\,!\,q \\ q := q' \\ k := k - 1 \end{array} \tag{7.25}$$

The last process is the result of the reduction of $Buffer_n$. 
7.8.10 A concretization of processes with COs 

A concept of a concretization of processes with COs is similar to the concept 
of a concretization of processes with a message passing (see section 7.7.1). 

Let P be a process with COs. The notation Conc(P) denotes a pro- 
cess in the original sense of this concept (see section [23]), which is called a 
concretization of the process P, and has the following components. 

1. States of $Conc(P)$ are 

• all evaluations from $Eval(X_P)$, and 

• an additional state $s^0$, which is an initial state of $Conc(P)$ 

2. For 

• each transition $s_1 \xrightarrow{Op} s_2$ of the process $P$, and 

• each evaluation $\sigma \in Eval(X_P)$, such that 

— $\sigma(at_P) = s_1$, and 

— $Op$ is open on $\sigma$ 

$Conc(P)$ has the transition 



if $\sigma'(at_P) = s_2$, and one of the following cases hold: 

(a) $Op$ is internal, $a = \tau$, and the following statement holds: 

$$\sigma \xrightarrow{Op} \sigma'$$

which means the following: if $Op$ has the form 

$$(op_1, \ldots, op_n)$$

then there is a sequence $\sigma_1, \ldots, \sigma_n$ of evaluations from $Eval(X_P)$, 
such that 

• $\forall x \in X_P \setminus \{at_P\} \;\; \sigma(x) = \sigma_1(x), \;\; \sigma'(x) = \sigma_n(x)$, and 

• $\forall i = 2, \ldots, n$, if $op_i$ has the form $(x := e)$, then 

$$\sigma_i(x) = \sigma_{i-1}(e), \qquad \forall y \in X_P \setminus \{x, at_P\} \;\; \sigma_i(y) = \sigma_{i-1}(y)$$

(b) • $Op = Op_1 \cdot (a\,?\,x) \cdot Op_2$, 

• $a = a\,?\,v$, where $v \in D_{t(x)}$, and 

• there are evaluations $\sigma_1$ and $\sigma_2$ from $Eval(X_P)$, such that 

$$\sigma \xrightarrow{Op_1} \sigma_1, \qquad \sigma_2 \xrightarrow{Op_2} \sigma'$$

$$\sigma_2(x) = v, \qquad \forall y \in X_P \setminus \{x, at_P\} \;\; \sigma_2(y) = \sigma_1(y)$$

(c) • $Op = Op_1 \cdot (a\,!\,e) \cdot Op_2$, 

• there is an evaluation $\sigma_1$ from $Eval(X_P)$, such that 

$$\sigma \xrightarrow{Op_1} \sigma_1, \qquad \sigma_1 \xrightarrow{Op_2} \sigma', \qquad a = a\,!\,\sigma_1(e)$$

3. For 

• each evaluation $\sigma \in Eval(X_P)$, such that 

$$\sigma(I_P) = 1$$

• and each transition of $Conc(P)$ of the form $\sigma \xrightarrow{a} \sigma'$ 

$Conc(P)$ has the transition $s^0 \xrightarrow{a} \sigma'$. 

A reader is invited to investigate a relationship between 

• a concretization of an arbitrary process with a message passing P, and 

• a concretization of a process with COs, which is derived by a reduction 
of the process P. 



7.8.11 Equivalences on processes with COs 

Let $P_1$ and $P_2$ be processes with COs. 

We shall say that $P_1$ and $P_2$ are observationally equivalent and denote 
this fact by 

$$P_1 \approx P_2$$

if the concretizations $Conc(P_1)$ and $Conc(P_2)$ are observationally equivalent 
in the original sense of this concept (see section 4.8). 

Similarly, the equivalence $\stackrel{+}{\approx}$ is defined on processes with COs. 
Using the concept of a reduction of processes with COs, it is possible to 
define another equivalence on the set of processes with COs. This equivalence 

• is denoted by $\stackrel{r}{\approx}$, and 

• is a minimal congruence on the set of processes with COs, with the 
following property: if $P'$ is derived from $P$ by any reduction rule, then 

$$P \stackrel{r}{\approx} P'$$

(i.e. $\stackrel{r}{\approx}$ is the intersection of all congruences on the set of processes with 
COs, which have the above property). 
A reader is invited 

• to investigate a relation between 

— operations on processes with COs, and 

— the equivalences ~ and p» 

i.e. to establish properties, which are similar to properties represented 
in sections M\ WSM 14331 

• to formulate and justify necessary and sufficient conditions of observa- 
tional equivalence of processes with COs, without use of the concept of 
a concretization 

• explore a relationship between the equivalences $\approx$, $\stackrel{+}{\approx}$ and $\stackrel{r}{\approx}$ 

• find reduction rules such that 

r + 

7.8.12 A method of a proof of observational equivalence of processes with COs 

One of possible methods of a proof of observational equivalence of processes 
with COs is based on theorem 34 presented below. 

To formulate this theorem, we introduce auxiliary concepts and notations. 

1. Let $P$ be a process with COs. 

A composite transition (CT) in $P$ is a (possibly empty) sequence 
$CT$ of transitions of the process $P$ of the form 

$$CT = s_0 \xrightarrow{Op_1} s_1 \xrightarrow{Op_2} \ldots \xrightarrow{Op_n} s_n \qquad (n \ge 0) \tag{7.26}$$

such that 

• among the COs $Op_1, \ldots, Op_n$ there is no more than one input or 
output CO 

• there is defined the sequential composition 

$$(\ldots(Op_1 \cdot Op_2) \cdot \ldots) \cdot Op_n$$

which will be denoted by the same symbol $CT$. 

If sequence (7.26) is empty, then its sequential composition $CT$ by a 
definition is the CO $((\top))$. 

The state $s_0$ is said to be a start of CT (7.26), and the state $s_n$ is said 
to be an end of this CT. 

The notation $s_0 \xrightarrow{CT} s_n$ is an abridged record of the statement that 
$CT$ 

• is a CT with the start $s_0$ and the end $s_n$, and also 

• is a CO that corresponds to this CT. 

2. Let $\varphi$ and $\psi$ be formulas. 

The notation $\varphi \le \psi$ is an abridged record of the statement that the 
formula $\varphi \to \psi$ is true. 

3. Let $Op = (op_1, \ldots, op_n)$ be an internal CO, and $\varphi$ be a formula. 
The notation $Op(\varphi)$ denotes a formula defined recursively: 



where $op_n(\varphi)$ denotes the following formula: if $op_n = (x := e)$, then 
$op_n(\varphi)$ is obtained from $\varphi$ by a replacement of each occurrence of the 
variable $x$ by the expression $e$. 

4. Let $\varphi$, $\psi$ be formulas, and $Op_1$, $Op_2$ be COs. 

We shall say that the following diagram is correct 




(7.27) 



if one of the following conditions is met. 

(a) $Op_1$ and $Op_2$ are internal COs, and the following inequality holds: 

$$\varphi \le (Op_1 \cdot Op_2)(\psi)$$

(b) $Op_1$ and $Op_2$ can be represented as sequential compositions 

$$Op_1 = Op_3 \cdot (a\,?\,x) \cdot Op_4$$
$$Op_2 = Op_5 \cdot (a\,?\,y) \cdot Op_6$$

where $Op_3$, $Op_4$, $Op_5$, $Op_6$ are internal COs, and the following 
inequality holds 

$$\varphi \le (Op'_1 \cdot Op'_2)(\psi)$$

where 

• $Op'_1 = Op_3 \cdot (x := z) \cdot Op_4$ 

• $Op'_2 = Op_5 \cdot (y := z) \cdot Op_6$ 

• $z$ is a new variable (i.e. $z$ does not occur in $\varphi$, $\psi$, $Op_1$, $Op_2$) 

(c) $Op_1$ and $Op_2$ can be represented as sequential compositions 

$$Op_1 = Op_3 \cdot (a\,!\,e_1) \cdot Op_4$$
$$Op_2 = Op_5 \cdot (a\,!\,e_2) \cdot Op_6$$

where $Op_3$, $Op_4$, $Op_5$, $Op_6$ are internal COs, and the following 
inequality holds: 

$$\varphi \le \left\{ \begin{array}{l} (Op_3 \cdot Op_5)(e_1 = e_2) \\ (Op_3 \cdot Op_4 \cdot Op_5 \cdot Op_6)(\psi) \end{array} \right\}$$

Theorem 34. 

Let $P_1$ and $P_2$ be processes with COs 

$$P_i = (X_{P_i}, I_{P_i}, S_{P_i}, s^0_{P_i}, R_{P_i}) \qquad (i = 1, 2)$$

which have no common states and common variables. 
Then $P_1 \approx P_2$, if there is a function $\mu$ of the form 

$$\mu : S_{P_1} \times S_{P_2} \to Fm$$

which has the following properties. 

1. $I_{P_1} \wedge I_{P_2} \le \mu(s^0_{P_1}, s^0_{P_2})$. 

2. For 

• each pair $(A_1, A_2) \in S_{P_1} \times S_{P_2}$, and 

• each transition $A_1 \xrightarrow{Op} A'_1$ of the process $P_1$, such that 

$$cond(Op) \wedge \mu(A_1, A_2) \ne \bot \tag{7.28}$$

there is a set of CTs of the process $P_2$ starting from $A_2$ 

$$\{\, A_2 \xrightarrow{CT_i} A_2^i \mid i \in \Im \,\} \tag{7.29}$$

satisfying the following conditions: 

(a) the following inequality holds: 

$$cond(Op) \wedge \mu(A_1, A_2) \le \bigvee_{i \in \Im} cond(CT_i) \tag{7.30}$$

(b) for each $i \in \Im$ the following diagram is correct: 

(7.31) 

3. The property symmetrical to previous: for 

• each pair $(A_1, A_2) \in S_{P_1} \times S_{P_2}$, and 

• each transition $A_2 \xrightarrow{Op} A'_2$ of the process $P_2$, such that (7.28) 
holds 

there is a set of CTs of the process $P_1$ starting from $A_1$ 

$$\{\, A_1 \xrightarrow{CT_i} A_1^i \mid i \in \Im \,\} \tag{7.32}$$

satisfying the following conditions: 

(a) inequality (7.30) holds 

(b) for each $i \in \Im$ the following diagram is correct: 

[Diagram; surviving label: $\mu(A_1^i, A'_2)$] (7.33) 
7.8.13 An example of a proof of observational equivalence of processes with COs 

As an example of a use of theorem 34 prove that 

$$Buffer_1 \approx Buf$$

where 

• $Buffer_1$ is a considered above process $Buffer_n$ (see (7.25)) for $n = 1$, 
i.e. a process with a single state A and two transitions from A to A, labelled by the COs 

$$\begin{array}{l} (k < 1) \\ In\,?\,f \\ q := q \cdot [f] \\ k := k + 1 \end{array} \qquad\qquad \begin{array}{l} (k > 0) \\ Out\,!\,q \\ q := q' \\ k := k - 1 \end{array}$$

its initial condition is $(k = 0) \wedge (q = \varepsilon)$, and 

• $Buf$ is a process with the states a and b, a transition from a to b labelled $In\,?\,x$, 
and a transition from b to a labelled $Out\,!\,x$. 

The initial condition of this process is $\top$. 
Define a function $\mu : \{A\} \times \{a, b\} \to Fm$ as follows: 

$$\mu(A, a) \stackrel{\mathrm{def}}{=} (k = 0) \wedge (q = \varepsilon)$$
$$\mu(A, b) \stackrel{\mathrm{def}}{=} (k = 1) \wedge (q = [x])$$

Check properties 1, 2, and 3 for the function $\mu$. 

1. Property 1 in this case is the inequality 

$$((k = 0) \wedge (q = \varepsilon)) \wedge \top \le ((k = 0) \wedge (q = \varepsilon))$$

which is obviously true. 

2. Check property 2. 

• For the pair (A, a) we have to consider the left transition in the process 
$Buffer_1$ (because (7.28) is not satisfied for the right transition). 
As (7.29) we take the set consisting of a single transition from a 
to b. 

Diagram (7.31) in this case has the form 

[Diagram: top formula $(k = 0) \wedge (q = \varepsilon)$ over the states A and a; the transition from A is labelled $(k < 1)$, $In\,?\,f$, $q := q \cdot [f]$, $k := k + 1$; the transition from a is labelled $In\,?\,x$; bottom formula $(k = 1) \wedge (q = [x])$] (7.34) 

Using the fact that 

$$\forall \varphi, \psi, \theta \in Fm \quad (\varphi \le \psi \to \theta \;\Leftrightarrow\; \varphi \wedge \psi \le \theta) \tag{7.35}$$

write an inequality corresponding to this diagram in the form 

$$\left\{ \begin{array}{l} k = 0 \\ q = \varepsilon \\ k < 1 \end{array} \right\} \le \left\{ \begin{array}{l} k + 1 = 1 \\ q \cdot [z] = [z] \end{array} \right\} \tag{7.36}$$

Clearly, this inequality is true. 

• For the pair (A, b) we have to consider only the right transition in the 
process $Buffer_1$ (because condition (7.28) is not satisfied for the 
left transition). 

As set (7.29) in this case we take a set consisting of a single tran- 
sition from b to a. 

Diagram (7.31) in this case has the form 

[Diagram: top formula $(k = 1) \wedge (q = [x])$ over the states A and b; the transition from A is labelled $(k > 0)$, $Out\,!\,q$, $q := q'$, $k := k - 1$; the transition from b is labelled $Out\,!\,x$; bottom formula $(k = 0) \wedge (q = \varepsilon)$] (7.37) 

Using (7.35), write the inequality corresponding to this diagram 
in the form 

$$\left\{ \begin{array}{l} k = 1 \\ q = [x] \\ k > 0 \end{array} \right\} \le \left\{ \begin{array}{l} q = x \\ k - 1 = 0 \\ q' = \varepsilon \end{array} \right\} \tag{7.38}$$

Obviously, this inequality is true. 

3. Check property 3. 

• For the pair (A, a) and for a single transition from a to b as (7.32) 
we take a set, consisting of the left transition from A to A. 

Diagram (7.33) in this case has the form (7.34). As already estab- 
lished, this diagram is correct. 

• For the pair (A, b) and for a single transition from b to a as (7.32) 
we take a set, consisting of the right transition from A to A. 

Diagram (7.33) in this case has the form (7.37). As already justi- 
fied, this diagram is correct. 
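
The equivalence proved above can also be checked by brute force on a finite message domain. The following Python sketch is an added example, not code from the book: it builds the reachable part of the concretizations directly (a state of a buffer is its queue content) and computes observational equivalence as the largest weak bisimulation. The two-element domain `D` and all function names are assumptions, and the example goes beyond the $Buffer_1$ case by also comparing two buffers joined through a hidden channel `Pass` with one larger buffer.

```python
from itertools import product

D = (0, 1)      # constructed two-element message domain (assumption)
TAU = "tau"     # the invisible action

def explore(init, step):
    """Build the reachable transition table {state: {(action, next_state)}}."""
    trans, todo = {}, [init]
    while todo:
        s = todo.pop()
        if s not in trans:
            trans[s] = set(step(s))
            todo.extend(r for _, r in trans[s])
    return init, trans

def buffer_lts(n, inp="In", out="Out"):
    """Reachable part of Conc(Buffer_n); a state is the queue content q."""
    def step(q):
        if len(q) < n:                              # guard (k < n)
            for v in D:
                yield (inp, "?", v), q + (v,)       # q := q . [f]
        if q:                                       # guard (k > 0)
            yield (out, "!", q[0]), q[1:]           # first message leaves the queue
    return explore((), step)

def buf_lts():
    """The two-state process Buf: a --In?x--> b --Out!x--> a."""
    def step(s):
        if s == "a":
            for v in D:
                yield ("In", "?", v), ("b", v)
        else:
            yield ("Out", "!", s[1]), "a"
    return explore("a", step)

def chain(n1, n2):
    """Buffer_n1 feeding Buffer_n2 over the channel Pass, with Pass restricted."""
    (i1, t1), (i2, t2) = buffer_lts(n1, out="Pass"), buffer_lts(n2, inp="Pass")
    def step(s):
        s1, s2 = s
        for a, r in t1[s1]:
            if a[0] != "Pass":
                yield a, (r, s2)
        for a, r in t2[s2]:
            if a[0] != "Pass":
                yield a, (s1, r)
        for (a1, r1), (a2, r2) in product(t1[s1], t2[s2]):
            if a1[0] == a2[0] == "Pass" and a1[2] == a2[2]:
                yield TAU, (r1, r2)                 # "diagonal" transition
    return explore((i1, i2), step)

def tau_closure(trans, s):
    seen, todo = {s}, [s]
    while todo:
        for a, r in trans[todo.pop()]:
            if a == TAU and r not in seen:
                seen.add(r)
                todo.append(r)
    return seen

def weak_succ(trans, s, a):
    """States reachable by tau* a tau* (or by tau* alone when a is tau)."""
    pre = tau_closure(trans, s)
    if a == TAU:
        return pre
    mid = {r for u in pre for b, r in trans[u] if b == a}
    return {w for r in mid for w in tau_closure(trans, r)}

def observationally_equivalent(p, q):
    """Largest weak bisimulation, computed by deleting violating pairs."""
    (ip, tp), (iq, tq) = p, q
    rel = {(x, y) for x in tp for y in tq}
    changed = True
    while changed:
        changed = False
        for x, y in list(rel):
            ok = all(any((x2, y2) in rel for y2 in weak_succ(tq, y, a))
                     for a, x2 in tp[x]) and \
                 all(any((x2, y2) in rel for x2 in weak_succ(tp, x, a))
                     for a, y2 in tq[y])
            if not ok:
                rel.discard((x, y))
                changed = True
    return (ip, iq) in rel
```

Such a check only covers the chosen finite domain and fixed sizes; the function $\mu$ in the proof above establishes the equivalence symbolically for every message type.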

7.8.14 Additional remarks 

To improve a usability of theorem 34 you can use the following notions and 
statements. 
Invariants of processes 

Let $P$ be a process with COs. 

A formula $Inv$ with variables from $X_P$ is said to be an invariant of the 
process $P$, if it has the following properties. 

• $I_P \le Inv$ 

• for each transition $s \xrightarrow{Op} s'$ of the process $P$ 

— if $Op$ is internal, then $Inv \le Op(Inv)$ 

— if $Op$ is an input CO of the form $Op_1 \cdot (a\,?\,x) \cdot Op_2$, then 

$$Inv \le (Op_1 \cdot (x := z) \cdot Op_2)(Inv)$$

where $z$ is a variable which does not belong to $X_P$ 

— if $Op$ is an output CO of the form $Op_1 \cdot (a\,!\,e) \cdot Op_2$, then 

$$Inv \le (Op_1 \cdot Op_2)(Inv)$$

Using the concept of an invariant, theorem 34 can be modified as follows. 

Theorem 35 . 

Let 

• $P_1$ and $P_2$ be two processes with COs: 

$$P_i = (X_{P_i}, I_{P_i}, S_{P_i}, s^0_{P_i}, R_{P_i}) \qquad (i = 1, 2)$$

which have no common states and common variables, and 

• formulas $Inv_1$ and $Inv_2$ are invariants of the processes $P_1$ and $P_2$ re- 
spectively. 

Then $P_1 \approx P_2$, if there is a function $\mu$ of the form 

$$\mu : S_{P_1} \times S_{P_2} \to Fm$$

with the following properties. 

2. For 

• each pair $(A_1, A_2) \in S_{P_1} \times S_{P_2}$, and 

• each transition $A_1 \xrightarrow{Op} A'_1$ of the process $P_1$, such that 

$$\left\{ \begin{array}{l} cond(Op) \\ \mu(A_1, A_2) \\ Inv_1 \\ Inv_2 \end{array} \right\} \ne \bot \tag{7.39}$$

there is a set of CTs of the process $P_2$ with the start $A_2$ 

$$\{\, A_2 \xrightarrow{CT_i} A_2^i \mid i \in \Im \,\} \tag{7.40}$$

satisfying the following conditions: 

(a) the following inequality holds: 

$$\left\{ \begin{array}{l} cond(Op) \\ \mu(A_1, A_2) \\ Inv_1 \\ Inv_2 \end{array} \right\} \le \bigvee_{i \in \Im} cond(CT_i) \tag{7.41}$$

(b) for each $i \in \Im$ the following diagram is correct 

[Diagram: top formula $\mu(A_1, A_2) \wedge Inv_1 \wedge Inv_2$ over the states $A_1$ and $A_2$; the transition from $A_1$ is labelled $Op$; bottom formula $\mu(A'_1, A_2^i)$] (7.42) 

3. The property, which is symmetrical to the previous one: for 

• each pair $(A_1, A_2) \in S_{P_1} \times S_{P_2}$, and 

• each transition $A_2 \xrightarrow{Op} A'_2$ of the process $P_2$, such that (7.39) 
holds, 

there is a set of CTs of the process $P_1$ with the start $A_1$ 

$$\{\, A_1 \xrightarrow{CT_i} A_1^i \mid i \in \Im \,\} \tag{7.43}$$

satisfying the following conditions: 

(a) the inequality (7.41) holds 

(b) for each $i \in \Im$ the following diagram is correct 

[Diagram: top formula with $Inv_1$ and $Inv_2$ over the states $A_1$ and $A_2$; the transition from $A_2$ is labelled $Op$; bottom formula $\mu(A_1^i, A'_2)$] (7.44) 

Composition of diagrams 

Theorem 36 . 

Let 



Composition of diagrams 

Theorem 36 . 

Let 

• $\varphi$, $\psi$, $\theta$ be formulas 

• $Op_1$, $Op_2$ be internal COs, such that the following diagram is correct 

[Diagram: top formula $\varphi$ over the states A and B; transitions labelled $Op_1$ and $Op_2$ lead to the states C and D] 

• $Op'_1$, $Op'_2$ be COs such that the following diagram is correct 

[Diagram not preserved] 

• $\{Op_1, Op'_1\}$ and $\{Op_2, Op'_2\}$ have no common variables. 

Then the following diagram is correct 

[Diagram: states A and B at the top; transitions labelled $Op_1 \cdot Op'_1$ and $Op_2 \cdot Op'_2$; surviving state label E] 


7.8.15 Another example of a proof of observational 
equivalence of processes with COs 

As an example of a use of theorems from section 7.8.14, we prove an observational
equivalence of

• the process

$$(Buffer_{n_1}[Pass/Out] \mid Buffer_{n_2}[Pass/In]) \setminus \{Pass\} \qquad (7.45)$$

where $Pass \notin \{In, Out\}$, and

• the process $Buffer_{n_1+n_2}$.

Process (7.45) is a sequential composition of two buffers, size of which is
$n_1$ and $n_2$ respectively.

A flow graph of this process has the form



According to the definition of operations on processes with COs (see
section 7.8.5), a graph representation of the process (7.45) has the form

[Diagram (7.46): a process with one state and three transitions, labelled

• left: $(k_1 < n_1)$; $In\,?\,f_1$; $q_1 := q_1 \cdot [f_1]$; $k_1 := k_1 + 1$

• middle: $((k_1 > 0) \wedge (k_2 < n_2))$; $f_2 := \hat{q}_1$; $q_1 := q_1'$; $k_1 := k_1 - 1$; $q_2 := q_2 \cdot [f_2]$; $k_2 := k_2 + 1$

• right: $(k_2 > 0)$; $Out\,!\,\hat{q}_2$; $q_2 := q_2'$; $k_2 := k_2 - 1$]




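An initial condition of the process (7.46) is the formula

$$(n_1 > 0) \wedge (k_1 = 0) \wedge (q_1 = \varepsilon) \wedge (n_2 > 0) \wedge (k_2 = 0) \wedge (q_2 = \varepsilon)$$

A graph representation of the process $Buffer_{n_1+n_2}$ has the form

[Diagram: a process with one state and two transitions, labelled

• left: $(k < n_1 + n_2)$; $In\,?\,f$; $q := q \cdot [f]$; $k := k + 1$

• right: $(k > 0)$; $Out\,!\,\hat{q}$; $q := q'$; $k := k - 1$]

An initial condition of the process $Buffer_{n_1+n_2}$ is the formula

$$(n_1 + n_2 > 0) \wedge (k = 0) \wedge (q = \varepsilon)$$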
It is easy to verify that the formula

$$Inv \stackrel{def}{=} (0 \leq k_1 \leq n_1) \wedge (0 \leq k_2 \leq n_2) \wedge (|q_1| = k_1) \wedge (|q_2| = k_2) \wedge (n_1 > 0) \wedge (n_2 > 0)$$

is an invariant of the process (7.46). This fact follows, in particular, from
the statement

$$|u| > 0 \Rightarrow |u'| = |u| - 1, \qquad |u \cdot [a]| = |[a] \cdot u| = |u| + 1$$

which hold for each list u and each message a.

As an invariant of the second process we take the formula $\top$.
Define a function $\mu : \{A\} \times \{a\} \to Fm$ as follows:

$$\mu(A, a) \stackrel{def}{=} (q = q_2 \cdot q_1) \wedge (k = k_2 + k_1)$$

Check properties 1, 2, and 3 for the function $\mu$.

1. Property 1 in this case is the inequality

$(n_1 > 0) \wedge (k_1 = 0) \wedge (q_1 = \varepsilon)$
$(n_2 > 0) \wedge (k_2 = 0) \wedge (q_2 = \varepsilon)$
$(n_1 + n_2 > 0) \wedge (k = 0) \wedge (q = \varepsilon)$

which is obviously true.

2. Check property 2.

• For left transition of the process (7.46) inequality (7.39) holds. As
(7.40) we take the set, the only element of which is left transition
of the process $Buffer_{n_1+n_2}$.
Inequality (7.41) in this case has the form

$$(q = q_2 \cdot q_1) \wedge (k = k_2 + k_1) \wedge Inv \leq (k < n_1 + n_2)$$

that is obviously true.

Using (7.35), write an inequality corresponding to diagram (7.42)
for this case as

$$(q = q_2 \cdot q_1) \wedge (k = k_2 + k_1) \wedge Inv \wedge (k_1 < n_1) \wedge (k < n_1 + n_2) \leq (q \cdot [z] = q_2 \cdot q_1 \cdot [z]) \wedge (k + 1 = k_2 + k_1 + 1) \qquad (7.47)$$

It is easy to check that the last inequality is true.
• For the middle (internal) transition of the process (7.46) inequality
(7.39) holds. As (7.40) we take the set, the only element of which
is an empty CT of the process $Buffer_{n_1+n_2}$.

Inequality (7.41) in this case holds for the trivial reason: its right
side is $\top$.

Using statement (7.35), write an inequality corresponding to diagram
(7.42) for this case, in the form

' q = Q2 ■ qi 



This inequality follows from

— the associativity property of a concatenation, and

— the statement

$$|u| > 0 \Rightarrow u = [\hat{u}] \cdot u'$$

which holds for each list u.

• For right transition of the process (7.46) inequality (7.39) holds. As
(7.40) we take the set, the only element of which is right transition
of the process $Buffer_{n_1+n_2}$.
Inequality (7.41) in this case has the form



[ Inv 
that is obviously true. 

Using the statement (7.35), we write the inequality which corresponds
to diagram (7.42) for this case, in the form

' q = qi ■ qi 



k = k 2 + ki 
< Inv 
fci > 




(7.48) 





< Inv 
k 2 >0 
k>0 





(7.49) 
This inequality follows from the statement

$$|u| > 0 \Rightarrow \big(\widehat{(u \cdot v)} = \hat{u}\big) \wedge \big((u \cdot v)' = u' \cdot v\big)$$

which holds for each pair of lists u, v.

3. Check property 3.

• For left transition of the process $Buffer_{n_1+n_2}$ inequality (7.39)
holds. As (7.43) we take the set, consisting of two CTs:

— left transition of the process (7.46), and

— the sequence, which consists of a pair of transitions

* the first element of which is the middle (internal) transition
of the process (7.46),

* and the second is the left transition of the process (7.46).

Inequality (7.41) in this case has the form

{k < n 1 +n 2 
q = q2-qi 
k = k 2 + ki 
Inv 

This inequality is true, and in the proof of this inequality the
conjunctive term $n_1 > 0$ (contained in Inv) is used.

The inequalities which correspond to diagrams (7.44) for both
elements of the set (7.43), follow from (7.47), (7.48) and theorem 36.

• For right transition of the process $Buffer_{n_1+n_2}$ inequality (7.39)
holds. As (7.43) we take the set, consisting of two CTs:

— right transition of the process (7.46), and

— the sequence which consists of a pair of transitions,

* the first element of which is the middle (internal) transition
of the process (7.46), and

* the second is right transition of the process (7.46)



< (fci < m) v 
Inequality (7.41) in this case has the form



< q -fl\ <(Aa>0) V ( k 2 <°n 2 ) 
Inv ) v ' 

This inequality is true, and in the proof of this inequality the
conjunctive term $n_2 > 0$ (contained in Inv) is used.

The inequalities corresponding to diagrams (7.44) for both elements
of the set (7.43), follow from (7.48), (7.49) and theorem 36.

7.9 Recursive definition of processes with a 
message passing 

A concept of a recursive definition of processes with a message passing is 
similar to a concept of a RD presented in chapter 

A concept of a RD is based on a concept of a process expression (PE)
which is analogous to the corresponding concept in section 5.1, so we only
point out differences in definitions of these concepts.

• In all PEs operators are used (instead of actions).

• Each process name A has a type t(A) of the form

$$t(A) = (t_1, \ldots, t_n) \quad (n > 0)$$
where $\forall i = 1, \ldots, n \quad t_i \in Types$

• Each process name A occurs in each PE only together with a list of
expressions of corresponding types, i.e. each occurrence of A in each
PE P is contained in a subexpression of P of the form

$$A(e_1, \ldots, e_n)$$

where

— $\forall i = 1, \ldots, n \quad e_i \in \mathcal{E}$

— $(t(e_1), \ldots, t(e_n)) = t(A)$

For each PE P the notation fv(P) denotes a set of free variables of P,
which consists of all variables from $X_P$ having free occurrences in P.

The concepts of a free occurrence and a bound occurrence of a variable in a
PE are similar to the analogous concepts in predicate logic. Each free occurrence
of a variable x in a PE P becomes bound in the PEs $(\alpha\,?\,x).P$ and $(x := e).P$.

A recursive definition (RD) of processes is a list of formal equations
of the form

(7.50)

where

• $A_1, \ldots, A_n$ are process names,

• for each i = 1, ..., n the list $(x_{i1}, \ldots, x_{ik_i})$ in left side of i-th equality
consists of different variables

• $P_1, \ldots, P_n$ are PEs, which satisfy

— the conditions set out in the definition of a RD in section 5.2, and

— the following condition:

$$\forall i = 1, \ldots, n \quad fv(P_i) = \{x_{i1}, \ldots, x_{ik_i}\}$$

We shall assume that for each process name A there is a unique RD such
that A has an occurrence in this RD.

RD (7.50) can be interpreted as a functional program, consisting of
functional definitions. For each i = 1, ..., n the variables $x_{i1}, \ldots, x_{ik_i}$ can be
regarded as formal parameters of the function $A_i(x_{i1}, \ldots, x_{ik_i})$.

A reader is requested to define a correspondence, which associates with
each PE of the form $A(x_1, \ldots, x_n)$, where

• A is a process name, and

list of different variables of appropriate types

the process

(7.51)

Also a reader is invited to investigate the following problems.

1. Construction of minimal processes which are equivalent ($\approx$, ~, ...) to
processes of the form (7.51).

2. Recognition of equivalence of processes of the form (7.51).

3. Finding necessary and sufficient conditions of uniqueness of the list of
processes defined by a RD.
Chapter 8

Examples of processes with a message passing

8.1 Separation of sets

8.1.1 The problem of separation of sets

Let U, V be a pair of finite disjoint sets, and each element $x \in U \cup V$ is
associated with an integer weight(x), called a weight of this element.
It is required to convert this pair to a pair of sets U', V', so that

• $|U| = |U'|$, $|V| = |V'|$

(for each finite set M the notation |M| denotes a number of elements
in M)

• for each $u \in U'$ and each $v \in V'$ the following inequality holds:

$$weight(u) \leq weight(v)$$

Below we shall call the sets U and V the left set and the right set,
respectively.

8.1.2 Distributed algorithm of separation of sets 

The problem of separation of sets can be solved by an execution of several
sessions of exchange of elements between these sets. Each session consists of
the following actions:

• find an element mx with a maximum weight in left set

• find an element mn with minimum weight in right set

• transfer

— mx from left set to right set, and

— mn from right set to left set.

To implement this idea a distributed algorithm is proposed. This algorithm
is defined as a process of the form

$$(Small \mid Large) \setminus \{\alpha, \beta\} \qquad (8.1)$$

where

• a process Small executes operations associated with left set, and

• a process Large executes operations associated with right set.

A flow graph corresponding to this process has the form



Below we shall use the following notations:

• for each subset $W \subseteq U \cup V$ the notations

max(W) and min(W)

denote an element of W with maximum and minimum weight, respectively,

• for

- any subsets $W_1, W_2 \subseteq U \cup V$, and

- any $u \in U \cup V$

the notations

$$W_1 \leq u, \quad u \leq W_1, \quad W_1 \leq W_2$$

are shorthand expressions

$$\forall x \in W_1 \quad weight(x) \leq weight(u)$$
$$\forall x \in W_1 \quad weight(u) \leq weight(x)$$
$$\forall x \in W_1, \forall y \in W_2 \quad weight(x) \leq weight(y)$$

respectively.
A similar meaning have the expressions

$$\max(W), \quad \min(W), \quad W \leq u, \quad u \leq W, \quad W_1 \leq W_2$$

in which the symbols $W$, $W_i$ and $u$ denote variables whose values are

• subsets of the set $U \cup V$, and

• elements of the set $U \cup V$

respectively.

8.1.3 Processes Small and Large

Processes Small and Large can be

• defined in terms of flowcharts,

• which then are transformed to processes with COs, and reduced.

We will not describe these flowcharts and their transformations and
reductions, we present only reduced COs.

A reduced process Small has the following form.

Init = (S = U).

[Diagram (8.2): the transitions of Small carry the labels

• $mx := \max(S)$; $\alpha\,!\,mx$; $S := S \setminus \{mx\}$

• $\beta\,?\,x$; $S := S \cup \{x\}$; $mx := \max(S)$

• $(x \geq mx)$; $U' := S$]

The reduced process Large has the following form.

Init = (L = V).

[Diagram (8.3): the transitions of Large carry the labels

• $\alpha\,?\,y$; $L := L \cup \{y\}$; $mn := \min(L)$

• $\beta\,!\,mn$; $L := L \setminus \{mn\}$; $mn := \min(L)$

• $(y \leq mn)$; $V' := L$]


8.1.4 An analysis of the algorithm of separation of sets 

A process described by expression (8.1), is obtained by

• a performing of operations of parallel composition and restrictions on
processes (8.2) and (8.3), in accordance with definition (8.1), and

• a reduction of a resulting process.

The reduced process has the following form:

[Diagram (8.4): states Aa, Bb, Ac, Cc, Ca. The transition from Aa to Bb is labelled with the sequence

mx := max(S)
y := mx
S := S \ {mx}
L := L ∪ {y}
mn := min(L)
L := L \ {mn}
x := mn
S := S ∪ {mn}
mx := max(S)
mn := min(L)

and the transitions leaving Bb carry conditions comparing x with mx and y with mn.]

This diagram shows that there are states of process (8.4) (namely, Ac and
Ca) with the following properties:

• there are no transitions starting at these states
(such states are said to be terminal)

• but falling into these states is not a normal completion of the process.

The situation when a process falls in one of such states is called a deadlock.

Process (8.1) can indeed fall in one of such states, for example, in the
case when

U = {3} and V = {1,2}

where a weight of each integer is equal to its value.

Nevertheless, process (8.1) has the following properties:

• this process always terminates (i.e., falls into one of terminal states -
Ac, Cc or Ca)

• after a termination of the process, the following statements hold:

$$S \cup L = U \cup V, \qquad |S| = |U|, \; |L| = |V|, \qquad S \leq L \qquad (8.5)$$

To justify these properties, we shall use the function

$$f(S, L) = |\{(s, l) \in S \times L \mid weight(s) > weight(l)\}|$$

Furthermore, for an analysis of a sequence of assignment operators
performed during the transition from Aa to Bb, it is convenient to represent this
sequence schematically as a sequence of the following actions:

1. $S \xrightarrow{y := \max(S)} L$

(transfer of an element y := max(S) from S to L)

2. $L \xrightarrow{x := \min(L)} S$

3. mx := max(S)

4. mn := min(L)

It is not so difficult to prove the following statements.
1. If at current time i

• the process is located at the state Aa, and

• values $S_i$, $L_i$ of the variables S and L at this time satisfy the
equation

$$f(S_i, L_i) = 0$$
i.e. the inequality $S_i \leq L_i$ holds

then $S_{i+1} = S_i$ and $L_{i+1} = L_i$.

Furthermore, after an execution of the transition from Aa to Bb values
of the variables x, y, mx and mn will satisfy the following statement:

$$y = x = mx \leq mn$$

and, thus, a next transition will be the transition from Bb to state Cc,
i.e. the process normally completes its work.

Herewith

• values of the variables U' and V' will be equal to $S_i$ and $L_i$,
respectively,

• and, consequently, values of the variables U' and V' will meet the
required conditions

$$|U| = |U'|, \quad |V| = |V'|, \quad U' \leq V'$$

2. If at current time i

• the process is located at the state Aa, and

• values $S_i$, $L_i$ of the variables S and L satisfy the inequality

$$f(S_i, L_i) > 0$$

then after an execution of the transition from Aa to Bb (i.e., at the
time i + 1) new values $S_{i+1}$, $L_{i+1}$ of the variables S and L will satisfy
the inequality

$$f(S_{i+1}, L_{i+1}) < f(S_i, L_i) \qquad (8.6)$$

In addition, the variables x, y, mx, mn at the time i + 1 will satisfy

$$y = \max(S_i), \quad x = \min(L_i)$$

$$mx = \max(S_{i+1}), \quad mn = \min(L_{i+1})$$

$$x < y, \quad x \leq mx, \quad mn \leq y$$

It follows that if at the time i + 1 the process will move from Bb to one
of the terminal states (Ac, Cc or Ca), then it is possible

(a) either if x = mx

(b) or if y = mn

In the case (a) the following statement holds:

$$S_{i+1} \leq mx = x \leq L_i$$

whence, using

$$x < y \quad \text{and} \quad L_{i+1} \subseteq L_i \cup \{y\}$$

we obtain:

$$S_{i+1} \leq L_{i+1} \qquad (8.7)$$

In the case (b) the following statement holds:

$$S_i \leq y = mn \leq L_{i+1}$$

whence, using

$$x < y \quad \text{and} \quad S_{i+1} \subseteq S_i \cup \{x\}$$

we obtain (8.7).

Thus, if the process is in a terminal state, then $S \leq L$.
Other statements listed in (8.5) are proved directly.

First and second statements imply that this process can not be endless,
because an infinite loop is possible only in the case when

• the process infinitely many times falls into the state Aa, and

• every time when the process is located at the state Aa, a value of the
function f on current values of the variables S, T is positive.

An impossibility of this situation follows from

• inequality (8.6), and

• the founding property of the set of integers

(there is no infinite descending chain of integers).

A reader is requested

• to find necessary and sufficient conditions to be met by the shared
sets U and V, that there is no deadlock situation in an execution of
process (8.4) (i.e. the process terminates in the state Cc) with these U
and V, and

• develop an algorithm for separation of sets that would work without a
deadlock on any shared sets U and V.
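
The analysis of section 8.1.4 can be replayed mechanically. The following simulation is an added example, not code from the book: it executes the assignment sequence of the transition from Aa to Bb, reports the terminal state, and checks statements (8.5) and inequality (8.6) over every pair of sets drawn from a small universe. It assumes weight(x) = x, as in the example U = {3}, V = {1,2}, and takes the guards on the transitions leaving Bb to be x ≥ mx for Small and y ≤ mn for Large, the reading that matches cases (a) and (b) above; all function names are chosen for the example.

```python
"""Simulation of the reduced process (8.4): (Small | Large) \\ {alpha, beta}."""
from itertools import product


def f(S, L):
    """f(S, L) from the text: number of pairs (s, l) with weight(s) > weight(l)."""
    return sum(1 for s in S for l in L if s > l)


def run(U, V):
    """Execute the process on non-empty disjoint sets of integers.

    Assumption: weight(x) = x, as in the page's example U = {3}, V = {1, 2}.
    Returns (terminal_state, S, L, trace); trace holds f(S, L) before the
    first transition and after every transition from Aa to Bb.
    """
    S, L = set(U), set(V)
    if not S or not L or S & L:
        raise ValueError("U and V must be non-empty and disjoint")
    trace = [f(S, L)]
    while True:
        # --- transition Aa -> Bb, in the order listed for diagram (8.4) ---
        mx = max(S)
        y = mx                 # communication on alpha: Small sends, Large receives
        S.remove(mx)
        L.add(y)
        mn = min(L)
        L.remove(mn)
        x = mn                 # communication on beta: Large sends, Small receives
        S.add(x)
        mx = max(S)
        mn = min(L)
        trace.append(f(S, L))
        # --- transitions leaving Bb (guards are an assumption, see lead-in) ---
        small_done = x >= mx   # Small executes U' := S and stops
        large_done = y <= mn   # Large executes V' := L and stops
        if small_done and large_done:
            return "Cc", S, L, trace    # normal completion
        if small_done:
            return "Ca", S, L, trace    # deadlock: Large waits on alpha forever
        if large_done:
            return "Ac", S, L, trace    # deadlock: Small waits to send on alpha
        # otherwise both processes continue: back to Aa


def satisfies_8_5(U, V, S, L):
    """The three statements (8.5) that hold after termination."""
    return (S | L == set(U) | set(V)
            and len(S) == len(U) and len(L) == len(V)
            and max(S) <= min(L))


def f_decreases(trace):
    """Statement 1 (f = 0 stays 0) and inequality (8.6) (f > 0 strictly drops)."""
    return all(b < a if a > 0 else b == 0 for a, b in zip(trace, trace[1:]))


def survey(universe):
    """Run every split of every subset of `universe` into non-empty U and V.

    Returns {terminal_state: number_of_pairs}; raises if (8.5) or the
    behaviour of f claimed in the text fails for some pair.
    """
    counts = {"Cc": 0, "Ca": 0, "Ac": 0}
    items = sorted(universe)
    for tags in product("UV-", repeat=len(items)):
        U = {e for e, t in zip(items, tags) if t == "U"}
        V = {e for e, t in zip(items, tags) if t == "V"}
        if not U or not V:
            continue
        state, S, L, trace = run(U, V)
        if not (satisfies_8_5(U, V, S, L) and f_decreases(trace)):
            raise AssertionError((U, V, state, S, L, trace))
        counts[state] += 1
    return counts


if __name__ == "__main__":
    print(run({3}, {1, 2}))          # the page's deadlock example
    print(survey(range(1, 7)))
```

On U = {3}, V = {1,2} the run ends in Ca with S = {1} and L = {2,3}: the sets are separated correctly, but Large is left waiting for a message that Small will never send.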
8.2 Calculation of a square

Suppose we have a system "multiplier", which has

• two input ports with names $In_1$ and $In_2$, and

• one output port with name Out.

An execution of the multiplier is that it 

• receives on its input ports two values, and 

• gives their product on the output port. 

A behavior of the multiplier is described by the process Mul: 



Using this multiplier, we want to build a system "a calculator of a square" , 
whose behavior is described by the process SquareSpec: 



We shall build a desired system as a composition of 
1. an auxiliary system "duplicator", which has

• an input port In, and

• output ports $Out_1$ and $Out_2$

and behavior of which is described by the process Dup:

[Diagrams of the processes; recoverable transition labels: $Out_2\,!\,z$ and $Out\,!\,(x \cdot y)$]

i.e. the duplicator copies its input to two outputs, and

2. the multiplier, which receives on its input ports those values that
duplicator gives.

A process Square, corresponding to such a composition is determined as
follows:

$$Square \stackrel{def}{=} (Dup[pass_1/Out_1, pass_2/Out_2] \mid Mul[pass_1/In_1, pass_2/In_2]) \setminus \{pass_1, pass_2\}$$

A flow graph of the process Square has the form

[Flow graph: the port In of Dup, the ports $pass_1$ and $pass_2$ connecting Dup with Mul, the port Out of Mul.]




However, the process Square does not meet the specification Square_Spec.
This fact is easy to detect by a construction of a graph representation of
Square, which has the following form:

[Diagram; recoverable transition labels: $Out\,!\,(x \cdot y)$, $Out\,!\,(x \cdot y)$]

After a reduction of this process we obtain the diagram

[Diagram (8.8); transition labels:

• $In\,?\,z$; $x := z$; $y := z$

• $In\,?\,z$

• $Out\,!\,(x \cdot y)$

• $Out\,!\,(x \cdot y)$; $x := z$; $y := z$]

which shows that

• the process Square can execute two input actions together (i.e. without
an execution of an output action between them), and

• the process Square_Spec can not do so.
The process Square meets another specification:

$$Square\_Spec' \stackrel{def}{=} (Buf[pass/Out] \mid Square\_Spec[pass/In]) \setminus \{pass\}$$

where Buf is a buffer which can store one message, whose behavior is
represented by the diagram

[Diagram; transition labels: $In\,?\,x$ and $Out\,!\,x$]

A flow graph of Square_Spec' has the form

[Flow graph: the port In of Buf, the port pass connecting Buf with Square_Spec, the port Out of Square_Spec.]

A reduced process Square_Spec' has the form

[Diagram (8.9); recoverable label: $z := x$]

The statement that Square meets the specification Square_Spec' can be
formalized as

$$(8.8) \approx (8.9) \qquad (8.10)$$

We justify (8.10) with use of theorem [3H At first, we rename variables
of the process (8.9), i.e. instead of (8.9) we shall consider the process

[Diagram (8.11); recoverable label: $In\,?\,u$]

To prove (8.8) $\approx$ (8.11) with use of theorem [3H we define the function
$\mu : \{A_1, A_2, A_3\} \times \{a_1, a_2, a_3\} \to Fm$

as follows:


• 


fj,(Ai, 




def 


J_, if 


i 7^3 


• 




Oi) 


def 


T 




• 






def 


(x = 


y = z = u) 


• 




03) 


def 


j X 

{ z. 


= y = v) 
J 



Detailed verification of correctness of corresponding diagrams is left to a
reader as a simple exercise.

8.3 Petri nets 

One of mathematical models to describe a behavior of distributed systems is 
a Petri net. 

A Petri net is a directed graph, whose set of nodes is divided in two
classes: places (V) and transitions (T). Each edge connects a place with a
transition.

Each transition $t \in T$ is associated with two sets of places:

• $in(t) \stackrel{def}{=} \{v \in V \mid \text{there is an edge from } v \text{ to } t\}$

• $out(t) \stackrel{def}{=} \{v \in V \mid \text{there is an edge from } t \text{ to } v\}$

A marking of a Petri net is a mapping $\sigma$ of the form

$$\sigma : V \to \{0, 1, 2, \ldots\}$$

An execution of a Petri net is a transformation of its marking which
occurs as a result of an execution of transitions.
A marking $\sigma_0$ at time 0 is assumed to be given.
If a net has a marking $\sigma_i$ at a time i, then any of transition $t \in T$, which
satisfies the condition

$$\forall v \in in(t) \quad \sigma_i(v) > 0$$

can be executed at time i.

If a transition t was executed at time i, then a marking $\sigma_{i+1}$ at time i + 1
is defined as follows:

$$\forall v \in in(t) \quad \sigma_{i+1}(v) := \sigma_i(v) - 1$$

$$\forall v \in out(t) \quad \sigma_{i+1}(v) := \sigma_i(v) + 1$$

$$\forall v \in V \setminus (in(t) \cup out(t)) \quad \sigma_{i+1}(v) := \sigma_i(v)$$

Each Petri net $\mathcal{N}$ can be associated with a process $P_{\mathcal{N}}$, which simulates
a behavior of this net. Components of the process $P_{\mathcal{N}}$ are as follows.

• - $X_{P_{\mathcal{N}}} \stackrel{def}{=} \{x_v \mid v \in V\}$,

- $I_{P_{\mathcal{N}}} \stackrel{def}{=} \bigwedge_{v \in V} (x_v = \sigma_0(v))$,

• Let t be a transition of the net $\mathcal{N}$, and the sets in(t) and out(t) have
the form $\{u_1, \ldots, u_n\}$ and $\{v_1, \ldots, v_m\}$ respectively.

Then the process $P_{\mathcal{N}}$ has a transition from $s^0$ to $s^0$ with the label

$$(x_{u_1} > 0) \wedge \ldots \wedge (x_{u_n} > 0)$$

$$x_{u_1} := x_{u_1} - 1, \; \ldots, \; x_{u_n} := x_{u_n} - 1$$
$$x_{v_1} := x_{v_1} + 1, \; \ldots, \; x_{v_m} := x_{v_m} + 1$$
Chapter 9

Communication protocols

In this chapter we consider an application of the theory of processes to the
problem of modeling and verification of communication protocols (which are
called below protocols).

9.1 The concept of a protocol 

A protocol is a distributed system which consists of several interacting com- 
ponents, including 

• components that perform a formation, sending, receiving and process- 
ing of messages 

(such components are called agents, and messages sent from one agent
to another are called frames)

• components of an environment, through which frames are forwarded 
(usually such components are called communication channels). 

There are several layers of protocols. In this chapter we consider data 
link layer protocols. 

9.2 Frames 

9.2.1 The concept of a frame 

Each frame is a string of bits. 
When a frame is passed through an environment, it may be distorted
or lost (a distortion of a frame is an inverting of some bits of this frame). 
Therefore, each frame must contain 

• not only an information which one agent wishes to transfer to another 
agent, but 

• means allowing to a recipient of the frame to find out whether this 
frame is distorted during a transmission. 

Below we consider some methods of detection of distortions in frames. 
These methods are divided into two classes: 

1. methods which allow

• not only detect distortions of frames,

• but also determine distorted bits of a frame and fix them

(discussed in section 9.2.2), and

2. methods to determine only a fact of a distortion of a frame, without
correction of this distortion (discussed in section 9.2.3).

9.2.2 Methods for correcting of distortions in frames 

Methods of detection of distortion in frames, which allow 

• not only detect the fact of a distortion, but 

• determine indexes of distorted bits 

are used in such situations, when a probability that each transmitted frame 
will be distorted in a transmission of this frame, is high. For example, such 
a situation occurs in wireless communications. 

If you know a maximum number of bits of a frame which can be inverted, 
then for a recognition of inverted bits and their correction methods of error 
correction coding can be used. These methods constitute one of directions 
of the coding theory. 

In this section we consider an encoding method with correction of errors 
in a simplest case, when in a frame no more than one bit can be inverted. 
This method is called a Hamming code to correct one error (there are 
Hamming codes to fix an arbitrary number of errors). 

The idea of this method is that bits of a frame are divided into two classes: 
• information bits (which contain an information which a sender of the
frame wants to convey to the recipient), and

• control bits (values of which are computed on values of information
bits).

Let

• f be a frame of the form $(b_1, \ldots, b_n)$

• k is a number of information bits in f

• r is a number of control bits in f
(i.e. n = k + r)

Since a sender can place his information in k information bits, then we
can assume that an information that a sender sends to a recipient in a frame
f, is a string M, which consists of k bits.

A frame which is derived from the string M by addition of control bits,
we denote by $\varphi(M)$.

For each frame f denote by U(f) the set of all frames obtained from f by
inversion of no more than one bit. Obviously, a number of elements of U(f)
is equal to n + 1.

The assumption that during a transmission of the frame $\varphi(M)$ no more
than one bit of this frame can be inverted, can be reformulated as follows: a
recipient can receive instead of $\varphi(M)$ any frame from the set $U(\varphi(M))$.

It is easy to see that the following conditions are equivalent:

1. for each $M \in \{0,1\}^k$ a recipient can uniquely reconstruct M having an
arbitrary frame from $U(\varphi(M))$

2. the family

$$\{U(\varphi(M)) \mid M \in \{0,1\}^k\} \qquad (9.1)$$

of subsets of $\{0,1\}^n$ consists of disjoint subsets.
Since

• family (9.1) consists of $2^k$ subsets, and

• each of these subsets consists of n + 1 elements

then a necessary condition of disjointness of subsets from (9.1) is the
inequality

$$(n + 1) \cdot 2^k \leq 2^n$$

which can be rewritten as

$$(k + r + 1) \leq 2^r \qquad (9.2)$$

It is easy to prove that for every fixed k > 0 the inequality (9.2) (where
r is assumed to be positive) is equivalent to the inequality

$$r_0 \leq r$$

where $r_0$ depends on k, and is a lower bound on the number of control bits.
It is easy to calculate $r_0$, when k has the form

$$k = 2^m - m - 1, \text{ where } m > 1 \qquad (9.3)$$

in this case (9.2) can be rewritten as the inequality

$$2^m - m \leq 2^r - r \qquad (9.4)$$

which is equivalent to the inequality $m \leq r$ (because the function $2^x - x$ is
monotone for x > 1).

Thus, in this case a lower bound of a number of control bits is m.

Below we present a coding method with correction of one error, in which
a number r of control bits is equal to the minimum possible value m.

If k has the form (9.3), and $r = r_0 = m$, then $n = 2^m - 1$, i.e. indices
of bits of the frame $f = (b_1, \ldots, b_n)$ can be identified with m-tuples from
$\{0,1\}^m$: each index $i \in \{1, \ldots, n\}$ is identified with a binary record of i
(which is complemented by zeros to the left, if it is necessary).

By definition, indices of control bits are m-tuples of the form

(0 ... 010 ... 0) (1 is at j-th position) (9.5)

where j = 1, ..., m.

For each j = 1, ..., m a value of a control bit which has an index (9.5)
is equal to the sum modulo 2 of values of information bits, indices of which
contain 1 at j-th position.

When a receiver gets a frame $(b_1, \ldots, b_n)$ he checks m equalities

$$\sum_{i_j = 1} b_{i_1 \ldots i_m} = 0 \qquad (j = 1, \ldots, m) \qquad (9.6)$$

(the sum is modulo 2).

The following cases are possible.

• The frame is not distorted.

In this case, all the equalities (9.6) are correct.

• A control bit which has the index (9.5) is distorted.
In this case only j-th equality in (9.6) is incorrect.

• An information bit (9.5) is distorted.

Let an index of this bit contains 1 at the positions $j_1, \ldots, j_l$.

In this case among equalities (9.6) only equalities with numbers $j_1, \ldots, j_l$
are incorrect.

Thus, in all cases, we can

• detect whether a frame is distorted, and

• calculate an index of a distorted bit, if a frame is distorted.
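
The encoding rule and the receiver's checks (9.6) described above can be written out as follows. This is an added example, not code from the book: it identifies position j of an index with bit j of its binary record counted from the low end (an assumption that only fixes the numbering), and the function names are chosen for the example. Besides encoding and correction it evaluates the bound (9.2) and checks condition 2, the disjointness of the sets U(φ(M)).

```python
"""Hamming code correcting one error, with n = 2**m - 1 and bit indices 1..n."""
from itertools import product


def min_control_bits(k):
    """Smallest r > 0 satisfying inequality (9.2): k + r + 1 <= 2**r."""
    r = 1
    while k + r + 1 > 2 ** r:
        r += 1
    return r


def is_control(i):
    """Index i (1-based) has exactly one 1 in its binary record, form (9.5)."""
    return i & (i - 1) == 0


def encode(message, m):
    """Build phi(M): place the k = 2**m - m - 1 bits of M, then the m control bits."""
    n = 2 ** m - 1
    if len(message) != n - m:
        raise ValueError("message must have 2**m - m - 1 bits")
    frame = [0] * (n + 1)                      # frame[0] is unused padding
    info = iter(message)
    for i in range(1, n + 1):
        if not is_control(i):
            frame[i] = next(info)
    for j in range(m):
        c = 1 << j                             # index of the j-th control bit
        frame[c] = sum(frame[i] for i in range(1, n + 1)
                       if i & c and not is_control(i)) % 2
    return frame[1:]


def failed_checks(frame, m):
    """Evaluate the m equalities (9.6); return the set of j whose equality fails."""
    return {j for j in range(m)
            if sum(b for i, b in enumerate(frame, 1) if i & (1 << j)) % 2}


def decode(frame, m):
    """Return (message, index_of_distorted_bit); the index is 0 if none."""
    index = sum(1 << j for j in failed_checks(frame, m))
    fixed = list(frame)
    if index:
        fixed[index - 1] ^= 1                  # invert the distorted bit back
    message = [b for i, b in enumerate(fixed, 1) if not is_control(i)]
    return message, index


def neighbourhoods_disjoint(m):
    """Check condition 2: the sets U(phi(M)) are pairwise disjoint."""
    n, seen = 2 ** m - 1, set()
    for message in product((0, 1), repeat=n - m):
        code = encode(list(message), m)
        ball = {tuple(code)}
        for i in range(n):
            flipped = list(code)
            flipped[i] ^= 1
            ball.add(tuple(flipped))
        if seen & ball:
            return False
        seen |= ball
    return len(seen) == 2 ** n                 # here (n + 1) * 2**k == 2**n


if __name__ == "__main__":
    sent = encode([1, 0, 1, 1], 3)             # constructed 4-bit message
    received = list(sent)
    received[4] ^= 1                           # constructed distortion of bit 5
    print(sent, received, decode(received, 3))
```

The numbers of the failed equalities, read as a binary record, are the index of the distorted bit, which is why no search over the frame is needed.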

9.2.3 Methods for detection of distortions in frames 

Another class of methods for detection of distortions in frames is related to 
a detection of only a fact of a distortion. 

The problem of a calculation of indices of distorted bits has high complex- 
ity. Therefore, if a probability of a distortion in transmitted frames is low 
(that occurs when a copper or fibre communication channel is used), then 
more effective is a re-sending of distorted frames: if a receiver detects that 
a received frame is distorted, then he requests a sender to send the frame 
again. 

For a comparison of a complexity of the problems of 

• correcting of distortions, and 

• detection of distortions (without correcting) 

consider the following example. Suppose that no more than one bit of a 
frame can be distorted. If a size of this frame is 1000, then 

• for a correction of such distortion it is needed 10 control bits, but 
• for a detection of such distortion it is enough 1 control bit, whose value
is assumed equal to a parity of a number of units in remaining bits of
the frame.

One method of coding to detection of distortion is the following: 

• a frame is divided into k parts, and 

• in each part it is assigned one control bit, whose value is assumed equal 
to a parity of a number of units in remaining bits of this part. 

If bits of the frame are distorted equiprobably and independently, then 
for each such part of the frame the probability that 

• this part is distorted, and 

• nevertheless, its parity is correct (i.e., we consider it as undistorted) 

is less than 1/2, therefore a probability of undetected distortion is less than 

Another method of coding to detection of distortions is a polynomial 
code (which is called Cyclic Redundancy Check, CRC). 

This method is based on a consideration of bit strings as polynomials over
the field $Z_2 = \{0, 1\}$: a bit string of the form

$$(b_k, b_{k-1}, \ldots, b_1, b_0)$$

is regarded as the polynomial

$$b_k \cdot x^k + b_{k-1} \cdot x^{k-1} + \ldots + b_1 \cdot x + b_0$$

Suppose you need to transfer frames of size m + 1. Each such frame is
considered as a polynomial M(x) of a degree $\leq m$.
To encode these frames there are selected

• a number r < m, and

• a polynomial G(x) of degree r, which has the form

$$x^r + \ldots + 1$$

The polynomial G(x) is called a generator polynomial.

For each frame M(x) its code T(x) is calculated as follows. The
polynomial $x^r \cdot M(x)$ is divided on G(x) with a remainder:

$$x^r \cdot M(x) = G(x) \cdot Q(x) + R(x)$$

where R(x) is a remainder (a degree of R(x) is less than r).
A code of the frame M(x) is the polynomial

$$T(x) \stackrel{def}{=} G(x) \cdot Q(x)$$

It is easy to see that a size of T(x) is larger than a size of M(x) by r.

Detection of a distortion in a transmission of the frame T(x) is produced
by a dividing a received frame T'(x) on G(x): we consider that the frame T(x)
was transmitted without a distortion (i.e. a received frame T'(x) coincides
with T(x)), if T'(x) is divisible on G(x) (i.e. T'(x) has the form $G(x) \cdot Q'(x)$,
where Q'(x) is a polynomial).

If the frame T(x) was transmitted without a distortion, then the original
frame M(x) can be recovered by a representation of T(x) as a sum

$$T(x) = x^r \cdot M(x) + R(x)$$

where R(x) consists of all monomials in T(x) of a degree < r.
A relation between

• an original frame T(x), and

• a received frame T'(x)
can be represented as

$$T'(x) = T(x) + E(x)$$
where E(x) is a polynomial which

• is called a polynomial of distortions, and

• corresponds to a string of bits each component of which is equal to

— 1 if the corresponding bit of the frame T(x) has been distorted,
and

— 0, otherwise.
Thus

• if T(x) has been distorted in a single bit, then $E(x) = x^i$

• if T(x) has been distorted in two bits, then $E(x) = x^i + x^j$

• etc.

From the definitions of T'(x) and E(x) it follows that T'(x) is divisible
on G(x) if and only if E(x) is divisible on G(x).

Therefore, a distortion corresponding to the polynomial E(x), can be
detected if and only if E(x) is not divisible on G(x).

Let us consider the question of what kinds of distortions can be detected
using this method.

1. A single-bit distortion can be detected always, because the polynomial
$E(x) = x^i$ is not divisible on G(x).

2. A double-bit distortion can not be detected in the case when the
corresponding polynomial

$$E(x) = x^i + x^j = x^j \cdot (x^{i-j} + 1) \quad (i > j)$$

is divisible on G(x):

$$\exists\, Q(x) : \; x^j \cdot (x^{i-j} + 1) = G(x) \cdot Q(x) \qquad (9.7)$$

On the reason of a uniqueness of factorization of polynomials over a
field, statement (9.7) implies the statement

$$\exists\, Q_1(x) : \; x^{i-j} + 1 = G(x) \cdot Q_1(x) \qquad (9.8)$$

The following fact holds: if

$$G(x) = x^{15} + x^{14} + 1 \qquad (9.9)$$

then for each k = 1, ..., 32768 the polynomial $x^k + 1$ is not divisible on
G(x).

Therefore the generator polynomial (9.9) can detect a double-bit
distortion in frames of a size < 32768.
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3. Consider the polynomial of distortions E(x) as a product of the form 

E(x) =x j ■(x k - 1 + + (9.10) 



The number k in (I9.10p is called a size of a packet of errors, k 
is equal to the size of a substring of a string of distortions (which 
corresponds to E(x)), which is bounded from left and right by the bits 

Let Ei(x) be the second factor in (19.101) . 

On the reason of a uniqueness of factorization of polynomials over a 
field we get that 

• a distortion corresponding to the polynomial f l9.10p is not detected 
if and only if 

• Ei(x) is divisible on G(x). 
Consider separately the following cases. 

(a) k < r, i.e. k — 1 < r. 

In this case E\{x) is not divisible on G(x), because a degree of 

Ei(x) is less than a degree of G(x). 

Thus, in this case we can detect any distortion. 

(b) k — r+1. 

In this case the polynomial Ei(x) is divisible on G(x) if and only 
if E x (x) = G{x). 

The probability of such coincidence is equal to 2~( r_1 ). 

Thus, a probability that such distortion will not be detected is 
equal to 2^ r - l \ 

(c) k > r + 1. 

It can be proved that in this probability that such distortion 

will not be detected is less that < 2~ r . 



4. If

• an odd number of bits is distorted, i.e. E(x) has an odd number
of monomials, and

• $G(x) = (x + 1) \cdot G_1(x)$

then such a distortion can be detected, because if for some polynomial
Q(x)

$E(x) = G(x) \cdot Q(x)$

then, in particular

$E(1) = G(1) \cdot Q(1)$ (9.11)

which is wrong, since

• the left side of (9.11) is equal to 1, and

• the right side of (9.11) is equal to 0.

In standard IEEE 802 the following generator polynomial G(x) is used:

$G(x) = x^{32} + x^{26} + x^{23} + x^{22} + x^{16} + x^{12} + x^{11} + x^{10} + x^8 + x^7 + x^5 + x^4 + x^2 + x + 1$

This polynomial can detect a distortion, in which

• a size of a packet of errors is no more than 32, or

• an odd number of bits is distorted.
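The divisibility criterion above can be checked mechanically. The following is an added example, not code from the book: it builds T(x) with the generator (9.9), enumerates packets of errors of each size, and counts the distortions that pass the check. The function names, the 9-bit message M and the product (x + 1) · G(x) used for case 4 are assumptions of the example.

```python
"""Polynomials over GF(2) are stored as ints: bit i is the coefficient of x^i."""
from itertools import combinations


def degree(p):
    return p.bit_length() - 1


def poly_mod(a, g):
    """Remainder of a(x) divided by g(x) over GF(2)."""
    dg = degree(g)
    while a and degree(a) >= dg:
        a ^= g << (degree(a) - dg)
    return a


def poly_mul(a, b):
    """Product a(x) * b(x) over GF(2)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result


def encode(m, g):
    """T(x) = x^r * M(x) + R(x), where R is the remainder of x^r * M(x) by G(x)."""
    shifted = m << degree(g)
    return shifted ^ poly_mod(shifted, g)


def accepted(t_received, g):
    """The receiver's check: T'(x) is divisible by G(x)."""
    return poly_mod(t_received, g) == 0


def recover(t, g):
    """M(x) is what remains of T(x) after dropping the monomials of degree < r."""
    return t >> degree(g)


def bursts(k, frame_bits):
    """Every E(x) = x^j * E1(x) that fits in the frame, as in (9.10):
    E1 has degree k - 1 and constant term 1 (a packet of errors of size k)."""
    if k == 1:
        patterns = [1]
    else:
        patterns = [(1 << (k - 1)) | (mid << 1) | 1 for mid in range(1 << (k - 2))]
    for j in range(frame_bits - k + 1):
        for e1 in patterns:
            yield e1 << j


def errors_of_weight(weight, frame_bits):
    """Every E(x) with exactly `weight` monomials of degree < frame_bits."""
    for positions in combinations(range(frame_bits), weight):
        yield sum(1 << i for i in positions)


def undetected(t, errors, g):
    """The error polynomials E(x) for which T'(x) = T(x) + E(x) is accepted."""
    return [e for e in errors if accepted(t ^ e, g)]


G = (1 << 15) | (1 << 14) | 1            # (9.9): x^15 + x^14 + 1, so r = 15
G_WITH_X_PLUS_1 = poly_mul(0b11, G)      # (x + 1) * G(x) = x^16 + x^14 + x + 1
M = 0b101100111                          # constructed 9-bit message
FRAME_BITS = M.bit_length() + degree(G)  # 24 bits in T(x)

if __name__ == "__main__":
    t = encode(M, G)
    print("T(x) =", bin(t), "recovered M(x) =", bin(recover(t, G)))
    for k in (1, 8, 15):
        missed = undetected(t, bursts(k, FRAME_BITS), G)
        print("size", k, "packets of errors missed:", len(missed))
    # Case (b): among the 2^(r-1) packets of size r + 1 at one position,
    # exactly one (E1 = G) is missed.
    print("size 16 missed:", [bin(e) for e in undetected(t, bursts(16, 16), G)])
```
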

9.3 Protocols of one-way transmission 

9.3.1 A simplest protocol of one-way transmission 

A protocol which is considered in this section consists of the following agents: 

• a sender, 

• a timer (which is used by a sender), 

• a receiver, and 

• a channel. 

The purpose of the protocol is a delivery of frames from a sender to a receiver 
via a channel. A channel is assumed to be unreliable, it can distort and lose 
transmitted frames. 

A protocol works as follows.

1. A sender receives a message (which is called a packet) from an agent
which is not included in the protocol. This agent is called a sender's
network agent (SNA).

A purpose of a sender is a cyclic execution of the following sequence of 
actions: 

• get a packet from a SNA 

• build a frame, which is obtained by an applying of a encoding 
function to the packet, 

• send this frame to the channel and switch-on the timer 

• if the signal timeout came from the timer, which means that 

— the waiting time of a confirmation of the sent frame has ended, 
and 

— apparently this frame is not received by the receiver 
then send the frame again 

• if a confirmation signal came from the receiver, then 

— this means that the current frame is successfully accepted by 
the receiver, and 

— the sender can 

* get the next packet from the SNA, 

* build a frame from this packet, 

* etc. 

A flowchart representing this behavior has the following form:

Operators belonging to this flowchart have the following meanings.

• In ? x is a receiving of a packet from the SNA, and a record of this packet
to the variable x

• C ! φ(x) is a sending of the frame φ(x) to the channel

• start ! is a switching-on of the timer

• timeout ? is a receiving of a signal "timeout" from the timer

• C ? is a receiving of a confirmation signal from the channel.

The process represented by this flowchart is denoted by Sender and
has the following form:

[Diagram of the process Sender; surviving transition labels: In ? x, timeout ?]



The behavior of the timer is represented by the process Timer having
the form

[Diagram (9.12): the process Timer, with two transitions labelled
"start ?, t := 1" and "(t = 1), timeout !, t := 0"]

An initial condition of Timer is t = 0.

In this model we do not detail a magnitude of an interval between 

• a switching-on of the timer (the action start?), and 

• a switching-off of the timer (the action timeout !). 

2. A channel at each time can contain no more than one frame or signal. 
It can execute the following actions: 

• receiving a frame from the sender, and 

— sending this frame to the receiver, or 

— sending a distorted frame to the receiver, or 

— loss of the frame 

• receiving a confirmation signal from the receiver, and

— sending this signal to the sender, or

— loss of the signal.

The behavior of the channel is described by the following process:

[Diagram (9.13): the process Channel]

In this process, we use the following abstraction: the symbol '*' means
a "distorted frame". We do not specify exactly how frames can be
distorted in the channel.

Each frame which has been received by the channel

• either is transferred from the channel to the receiver

• or is transformed to the abstract value '*', and this value is
transferred from the channel to the receiver

• or disappears, which is expressed by the transition of the process
(9.13) with the label τ

3. The receiver executes the following actions: 

• receiving a frame from the channel 

• checking of a distortion of the frame 

• if the frame is not distorted, then 

— extracting a packet from the frame 

— sending this packet to a process called a receiver's network 
agent (RNA) 

(this process is not included in the protocol) 

— sending a confirmation signal to the sender through the channel

• if the frame is distorted, then the receiver ignores it (assuming
that the sender will get tired of waiting for a confirmation signal, and
will send the frame again)

A flowchart representing the above behavior has the following form:

Operators belonging to this flowchart have the following meanings.

• C ? f is a receiving of a frame from the channel, and a record of it
to the variable f

• (f = *) is a checking of a distortion of the frame f

• Out ! info(f) is a sending of the packet info(f), extracted from the
frame f, to the RNA

• C ! is a sending of the confirmation signal

The process represented by this flowchart is denoted as Receiver and
has the following form:

[Diagram of the process Receiver; surviving transition label: Out ! info(f)]

The process Protocol, corresponding to the whole system, is defined as a
parallel composition (with restriction and renaming) of the above processes:

Protocol = ( Sender [S/C] | Timer | Channel | Receiver [R/C] ) \ {S, R, start, timeout} (9.14)

A flow graph of the process Protocol has the form

[Flow graph (9.15): the processes Sender, Timer, Channel and Receiver; surviving names: In, Out, R, start, timeout]



In order to be able to analyze the correctness of this protocol it is necessary
to determine a specification which it must meet.

If we want to specify only properties of external actions executed by the
protocol (i.e., actions of the form In ? v and Out ! v), then the specification
can be as follows: the behavior of this protocol coincides with the behavior of
the buffer of the size 1, i.e. the process Protocol is observationally equivalent
to the process Buf, which has the form

[Diagram (9.16): the process Buf, with transitions labelled In ? x and Out ! x]

After a reduction of the graph representation of the process Protocol we
get the diagram

which is observationally equivalent to the diagram

We assume that the function info of extracting of packets from frames is
inverse to φ, i.e. for each packet x

info(φ(x)) = x

therefore the diagram (9.17) can be redrawn as follows:

[Diagram (9.18); surviving transition labels: τ, Out ! x]

The process (9.18) can be reduced, resulting in the process

[Diagram (9.19); surviving transition labels: In ? x, Out ! x]

After comparing the processes (9.19) and (9.16) we conclude that
these processes can not be equivalent in any acceptable way. For example,

• the process (9.16) after receiving the packet x can only

— send this packet to the RNA, and

— move to the state of waiting of another packet

• while the process (9.19) after receiving the packet x can send this packet
to the RNA several times.

Such retransmission can occur, for example, in the following version of 
an execution of the protocol. 

• First frame which is sent by the sender, reaches the receiver successfully. 

• The receiver 

— sends the packet, extracted from this frame, to the RNA, and 

— sends a confirmation to the sender through the channel. 

• This confirmation is lost in the channel.

• The sender does not receive a confirmation, and sends this frame
again, and this frame again arrives successfully.

• The receiver perceives this frame as a new one. He

— sends the packet, extracted from this frame, to the RNA, and

— sends the confirmation signal to the sender through the channel.

• This confirmation again is lost in the channel.

• etc.

This situation may arise because in this protocol there is no mechanism
through which the receiver can distinguish:

• is a received frame a new one, or

• this frame was transmitted before.

In section 9.3.2 we consider a protocol which has such a mechanism. For this
protocol it is possible to prove formally its compliance with the specification
(9.16).

9.3.2 One-way alternating bit protocol 

The protocol described in this section is called the one-way alternating 
bit protocol, or, in an abbreviated notation, ABP. 

The protocol ABP is designed to solve the same problem as the protocol
in section 9.3.1: delivery of frames from the sender to the receiver via an
unreliable channel (which can distort and lose transmitted frames).

The protocol ABP

• consists of the same agents as the protocol in section 9.3.1 (namely:
the sender, the timer, the receiver, and the channel), and

• has the same flow graph.

A mechanism by which the receiver can distinguish new frames from
retransmitted ones is implemented in this protocol as follows: among the
variables of the sender and the receiver there are boolean variables s and r,
respectively, whose values have the following meanings:

• a value of s is equal to a parity of an index of a current frame, which
the sender is trying to send, and

• a value of r is equal to a parity of an index of a frame, which is expected
by the receiver.

At the initial time values of s and r are equal to 0 (the first frame has an
index 0).

As in the protocol in section 9.3.1, the abstract value "*" is used in this
protocol; this value denotes a distorted frame.

The protocol works as follows.

1. The sender gets a packet from the SNA, and 

• records this packet to the variable x, 

• builds the frame, which is obtained by applying a coding
function φ to the pair (x, s),

• sends the frame to the channel,

• starts the timer, and then

• expects a confirmation of the frame which has been sent.

If

• the sender gets from the timer the signal timeout, and

• he has not yet received an acknowledgment from the receiver

then the sender retransmits this frame.

If the sender receives from the channel an undistorted frame, which
contains a boolean value, then the sender analyzes this value: if it
coincides with the current value of s, then the sender

• inverts the value of the variable s (using the function inv(x) =
1 − x), and

• starts a new cycle of his work.

Otherwise, he sends the frame again.

The flowchart representing this behavior has the following form:

[Flowchart of the sender; surviving labels: start, s = 0, In ? x, C ! φ(x, s), start !, timeout ?, bit(z), inv(s)]

The process, which corresponds to this flowchart, is denoted by Sender,
and has the following form:

Init = (s = 0).

[Diagram of the process Sender; surviving transition label: timeout ?]

2. The channel can contain no more than one frame.
It can execute the following actions:

• receive a frame from the sender, and 

— either send this frame to the receiver, 

— or send a distorted frame to the receiver, 

— or lose the frame 

• receive a confirmation frame from the receiver, and 

— either send this frame to the sender, 

— or send the distorted frame to the sender, 

— or lose the frame. 

The behavior of the channel is represented by the following process:

[Diagram (9.20): the process Channel]



3. The receiver upon receiving of a frame from the channel 

• checks whether the frame is distorted, 

• and if the frame is not distorted, then the receiver extracts from
the frame a packet and a boolean value using functions info and
bit, with the following properties:

info(φ(x, b)) = x, bit(φ(x, b)) = b

The receiver checks whether the boolean value extracted from the frame
coincides with the expected value, which is contained in the variable r,
and

(a) if the checking gave a positive result, then the receiver

• transmits the packet extracted from this frame to the RNA

• inverts the value of r, and

• sends the confirmation frame to the sender through the channel.

(b) if the checking gave a negative result, then the receiver sends a
confirmation frame with an incorrect boolean value (which will
cause the sender to send its current frame again).

If the frame is distorted, then the receiver ignores this frame (assuming 
that the sender will send this frame again on the reason of receiving of 
the signal timeout from the timer). 

The flowchart representing the above behavior has the following form:

[Flowchart of the receiver; surviving labels: inv(r), Out ! info(f)]

The process represented by this flowchart is denoted by Receiver and
has the following form:

Init = (r = 0)

[Diagram of the process Receiver; surviving transition labels: Out ! info(f), inv(r)]

The process Protocol, which corresponds to the whole protocol ABP, is
defined in the same manner as in section 9.3.1, by the expression (9.14). The
flow graph of this process has the form (9.15).

The specification of the protocol ABP also has the same form as in section
9.3.1, i.e. is defined as the process (9.16).

The reduced process Protocol has the form

[Diagram (9.21): the reduced process Protocol; its transition labels combine conditions on s and r with the actions In ? x, Out ! x, inv(s) and inv(r)]

The statement

(9.16) ≈ (9.21)

can be proven, for example, with use of theorem [3H defining the function μ
of the form

μ : {1, 2} × {i, j} → Fm

as follows:

= (s = r) 

( M2,^) d = f f ± 

Khj) = ^ r) 
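The duplicate delivery described in section 9.3.1 and its absence in ABP can be reproduced by replaying both protocols against a scripted channel. The following is an added example, not code from the book: `run` replays one execution and `first_violation` searches all channel behaviours of a bounded length for an output that Buf (9.16) could not produce. The function names, the fate labels, and the convention that a confirmation carries 1 − r (the bit of the last accepted frame) are assumptions of the example.

```python
from itertools import product

OK, LOST, DISTORTED = "ok", "lost", "*"   # what the channel does to a frame


def run(packets, schedule, alternating_bit):
    """Replay one execution and return the packets passed to the RNA (Out ! ...).

    schedule holds one (frame fate, confirmation fate) pair per transmission.
    With alternating_bit=False this is the protocol of section 9.3.1,
    with alternating_bit=True it is ABP.
    """
    delivered = []
    i = 0            # index of the packet the sender is trying to send
    s = r = 0        # bits of the sender and the receiver (used by ABP only)
    for frame_fate, ack_fate in schedule:
        if i == len(packets):
            break
        if frame_fate != OK:
            continue                     # lost or '*': receiver is silent, timeout
        x, bit = packets[i], s           # info(f) and bit(f) of the frame φ(x, s)
        if not alternating_bit:
            delivered.append(x)          # every undistorted frame counts as new
            confirmed = True
        else:
            if bit == r:                 # the expected frame: deliver, invert r
                delivered.append(x)
                r = 1 - r
            confirmed = (1 - r) == s     # assumption: confirmation carries 1 - r
        # A lost or distorted confirmation never reaches the sender as valid.
        if ack_fate == OK and confirmed:
            i += 1                       # get the next packet from the SNA
            s = 1 - s
        # otherwise the signal timeout arrives and the same frame is sent again
    return delivered


def first_violation(packets, depth, alternating_bit):
    """Try every schedule of `depth` transmissions; return the first one whose
    output is not a prefix of the input (i.e. not a behaviour of Buf), or None."""
    fates = list(product((OK, LOST, DISTORTED), repeat=2))
    for schedule in product(fates, repeat=depth):
        out = run(packets, schedule, alternating_bit)
        if out != packets[:len(out)]:
            return schedule, out
    return None


if __name__ == "__main__":
    lost_confirmation = [(OK, LOST), (OK, OK), (OK, OK)]   # constructed schedule
    print(run(["a", "b"], lost_confirmation, alternating_bit=False))
    print(run(["a", "b"], lost_confirmation, alternating_bit=True))
    print(first_violation(["a", "b", "c"], 2, alternating_bit=False))
    print(first_violation(["a", "b", "c"], 4, alternating_bit=True))
```
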



9.4 Two-way alternating bit protocol 

The above protocols implement a data transmission (i.e. a transmission of 
frames with packets from a NA) only in one direction. 

In most situations, a data transmission must be implemented in both 
directions, i.e. each agent, which communicates with a channel, must act as 
a sender and as a receiver simultaneously. 

Protocols which implement a data transmission in both directions, are 
called duplex protocols, or protocols of two-way transmission. 

In protocols of two-way transmission a sending of confirmations can be
combined with a sending of data frames (i.e. frames which contain packets
from a NA): if an agent B has successfully received a data frame f from
an agent A, then he may send a confirmation of receipt of the frame f not
separately, but as part of his data frame.

In this section we consider the simplest correct protocol of two-way trans- 
mission. 

This protocol 

• is a generalization of ABP (which is considered in section 9.3.2), and

• is denoted as ABP-2. 

ABP-2 also involves two agents, but behavior of each agent is described 
by the same process, which combines the processes Sender and Receiver 
from ABP. 

Each frame f, which is sent by any of these agents, contains

• a packet x, and

• two boolean values: s and r, where

— s has the same meaning as in ABP: this is a boolean value
associated with the packet x, and

— r is a boolean value associated with a packet in the last received
undistorted frame.

To build a frame, the encoding function φ is used.

To extract a packet and boolean values s and r from a frame the functions
info, seq and ack are used. These functions have the following properties:

info(φ(x, s, r)) = x
seq(φ(x, s, r)) = s
ack(φ(x, s, r)) = r

Also, agents use the inverting function inv to invert values of the boolean
variables.

Each sending/receiving agent is associated with a timer. A behavior of
the timer is described by the process Timer, which is represented by the
diagram (9.12).

A flow graph of the protocol is as follows:

[Flow graph (9.22): the processes $Agent_1$, $Timer_1$, Channel, $Agent_2$ and $Timer_2$, with the names $In_1$, $Out_1$, $C_1$, $start_1$, $timeout_1$, $In_2$, $Out_2$, $C_2$, $start_2$, $timeout_2$]



The process describing the behavior of sending/receiving agents is
represented by the following flowchart:

[Flowchart of a sending/receiving agent; surviving labels: In ? x; C ! φ(x, s, 1 − r); start !; ack(f) = s; inv(r); seq(f) = r; Out ! info(f); timeout ?; C ? f]





This flowchart shows that the agent sends a frame with its next packet 
only after receiving a confirmation of receiving of its current packet. 

The flowchart describing the behavior of a specific agent (i.e. $Agent_1$
or $Agent_2$) is obtained from this flowchart by assigning the corresponding
index (1 or 2) to the variables and names included in this flowchart.

The behavior of the channel is described by the process

(9.20) [$C_1$/S, $C_2$/R]

The reader is requested 

• to define the process Spec, which is a specification of this protocol, and 

• to prove that this protocol meets the specification Spec. 



9.5 Two-way sliding window protocols 

ABP-2 is practically acceptable only when a duration of a frame transmission 
through the channel is negligible. 

If a duration of a frame transmission through the channel is large, then
it is better to use a conveyor transmission, in which the sender may send
several frames in a row, without waiting for their confirmation.

Below we consider two protocols of two-way conveyor transmission, called
sliding window protocols (SWPs).

These protocols are extensions of ABP-2. They

• also involve two sending/receiving agents, and behavior of each of these
agents is described by the same process, combining functions of a sender
and a receiver

• an analog of a boolean value associated with each frame is an element
of the set

$Z_n = \{0, \ldots, n - 1\}$

where n is a fixed integer of the form $2^k$.

An element of the set $Z_n$, associated with a frame, is called a number of
this frame.

9.5.1 The sliding window protocol using go back n 

The first SWP is called SWP using go back n. 

The process which describes a behavior of a sending/receiving agent of 
this protocol, has the array x[n] among its variables. Components of this 
array may contain packets which are sent, but not yet confirmed. 

A set of components of the array x, which contain such packets at the 
current time, is called a window. 

Three variables of the process are related to the window: 

• b (a lower bound of the window) 

• s (an upper bound of the window), and 

• w (a number of packets in the window). 

Values of the variables b, s and w belong to the set $Z_n$.
At the initial time 

• the window is empty, and 

• values of the variables b, s and w are equal to 0. 

Adding a new packet to the window is performed by execution of the
following actions:

• this packet is written in the component x[s], and it is assumed that the
number s is associated with this packet

• upper bound of the window s increases by 1 modulo n, i.e. new value
of s is assumed to be

— s + 1, if s < n − 1, and

— 0, if s = n − 1,

and

• w (the number of packets in the window) is increased by 1.

Removing a packet from the window is performed by execution of the follow- 
ing operations: 

• b (the lower bound of the window) is increased by 1 modulo n, and 

• w (the number of packets in the window) is decreased by 1 

i.e. it is removed a packet whose number is equal to the lower bound of the 
window. 

To simplify an understanding of the operations with a window you can 
use the following figurative analogy: 

• the set of components of the array x can be regarded as a ring
(i.e. after the component x[n − 1] is the component x[0])

• at each time the window is a connected subset of this ring,

• during the execution of the process this window is moved on this ring
in the same direction.

If the window size reaches its maximum value (n − 1), then the agent does
not accept new packets from his NA until the window size is reduced.

An ability to receive a new packet is defined by the boolean variable
enable:

• if the value is 1, then the agent can receive new packets from his NA,
and

• if 0, then he can not receive new packets.

If the agent receives an acknowledgment of a packet whose number is
equal to the lower bound of the window, then this packet is removed from
the window.

Each component x[i] of the array x is associated with a timer, which
determines a duration of waiting of confirmation from another agent of a
receiving of the packet contained in the component x[i]. The combination of
these timers is considered as one process Timers, which has an array t[n]
of boolean variables. This process is defined as follows:

Init = (t = (0, ..., 0))

[Diagram (9.23): the process Timers, with transitions labelled

start ? i, t[i] := 1

(t[j] = 1), timeout ! j, t[j] := 0

stop ? i, t[i] := 0]

The right arrow in this diagram is the abbreviation for a set of n
transitions with labels

(t[0] = 1), timeout ! 0, t[0] := 0
...
(t[n − 1] = 1), timeout ! (n − 1), t[n − 1] := 0

Note that in this process there is the operator stop ? i, an execution of
which prematurely terminates a corresponding timer.

The protocol has the following features

• If a sending/receiving agent has received a signal timeout from any 
timer, then the agent sends again all packets from his window. 

• If an agent has received a confirmation of a packet, then all previous 
packets in the window are considered also as confirmed (even if their 
confirmations were not received). 

Each frame f, which is sent by any of the sending/receiving agents of this
protocol, contains

• a packet x,

• a number s, which is associated with the packet x
(by definition, s is also associated with the frame f)

• a number r, which is a number associated with a last received
undistorted frame.

To build a frame, the encoding function φ is used.

To extract the components from the frames, the functions info, seq and
ack are used. These functions have the following properties:

info(φ(x, s, r)) = x
seq(φ(x, s, r)) = s
ack(φ(x, s, r)) = r

The description of the process, representing the behavior of an agent of 
the protocol, we give in a flowchart form, which easily can be transformed to 
a flowchart. 

In this description we use the following notations. 

• The symbols $+_n$ and $-_n$ denote addition and subtraction modulo n.

• The symbol r denotes a variable which has values in $Z_n$.

A value of r is equal to a number of an expected frame.

The agent sends to his NA a packet, extracted from such a frame f,
whose number seq(f) coincides with a value of the variable r.

If a frame f is such that seq(f) ≠ r, then

— the packet info(f) in this frame is ignored, and

— only the component ack(f) is taken into account.

• The notation send is the abbreviation of the following group of
operators:

send =
    C ! φ(x[s], s, $r -_n 1$)
    start ! s
    $s := s +_n 1$

• The notation

between(a, b, c)

is the abbreviation of the formula

$(a \le b < c) \lor (c < a \le b) \lor (b < c < a)$ (9.24)

• The expression (w < n − 1) in the operator

enable := (w < n − 1)

has a value

— 1, if the inequality w < n − 1 holds, and

— 0, otherwise.

The process representing the behavior of a sending/receiving agent of
this protocol is the following:



[Flowchart of the agent; surviving labels: start; enable = 1; w, b, s, r = 0; (enable = 1); In ? x[s]; send; w := w + 1; timeout ? i; s := b; i := 1; i < w; send; i := i + 1; enable := (w < n − 1); seq(f) = r; Out ! info(f); r := r + 1; between(b, ack(f), s); w := w − 1; stop ! b; b := b + 1]



The reader is requested 

• to define a process "channel" for this protocol 

(channel contains an ordered sequence of frames, which may distort 
and disappear) 

• to define a specification Spec of this protocol, and 

• to prove that the protocol meets the specification Spec. 

In conclusion, we note that this protocol is ineffective if a number of 
distortions in the frame transmission is large. 
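The window operations of this protocol fit in a few lines of code. The following is an added example, not code from the book: it implements the formula (9.24) and the sending window with its variables x, b, s, w and enable, including the rule that a confirmation also confirms all previous packets and the retransmission of the whole window after a timeout. The class and method names are assumptions of the example.

```python
def between(a, b, c):
    """Formula (9.24): b lies in the part of the ring Z_n that starts at a
    and ends just before c."""
    return (a <= b < c) or (c < a <= b) or (b < c < a)


class SendWindow:
    """Sending window of the go back n protocol (names are this example's own)."""

    def __init__(self, n):
        self.n = n
        self.x = [None] * n           # packets sent but not yet confirmed
        self.b = self.s = self.w = 0  # lower bound, upper bound, packet count

    @property
    def enable(self):
        """enable := (w < n - 1)"""
        return self.w < self.n - 1

    def add(self, packet):
        """In ? x[s] followed by send: returns the number given to the packet."""
        if not self.enable:
            raise RuntimeError("window has reached its maximum size n - 1")
        number = self.s
        self.x[number] = packet
        self.s = (self.s + 1) % self.n
        self.w += 1
        return number

    def confirm(self, ack):
        """Process ack(f): while between(b, ack, s) holds, remove the packet
        with the number b. Returns the numbers that were removed."""
        removed = []
        while between(self.b, ack, self.s):
            removed.append(self.b)
            self.x[self.b] = None
            self.b = (self.b + 1) % self.n
            self.w -= 1
        return removed

    def on_timeout(self):
        """All (number, packet) pairs in the window, oldest first: the frames
        that are sent again after a signal timeout."""
        numbers = [(self.b + i) % self.n for i in range(self.w)]
        return [(k, self.x[k]) for k in numbers]


if __name__ == "__main__":
    win = SendWindow(8)
    print([win.add(p) for p in "abcdefg"], "enable =", win.enable)
    print("confirm(2) removes", win.confirm(2))
    print([win.add(p) for p in "hi"], "window wraps around the ring")
    print("after timeout resend", win.on_timeout())
    # between(b, k, b) is false for every k, so a window with b = s is
    # always read as empty: n packets in flight could not be confirmed.
    print(any(between(4, k, 4) for k in range(8)))
```
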
9.5.2 The sliding window protocol using selective repeat

The second SWP differs from the previous one in the following: an agent of
this protocol has two windows.

1. First window has the same function as a window of the first SWP (this
window is called a sending window).

The maximum size of the sending window is m = n/2, where n has the
same status as described in section 9.5.1 (in particular, frame numbers
are elements of $Z_n$).

2. Second window (called a receiving window) is designed to
accommodate packets received from another agent, which can not yet be
transferred to a NA, because some packets with smaller numbers have
not been received yet.

A size of the receiving window is m = n/2.

Each frame /, which is sent by a sending/receiving agent of this protocol, 
has 4 components: 

1. k is a type of the frame, 

this component can have one of the following three values: 

• data (data frame) 

• ack (frame containing only a confirmation) 

• nak (frame containing a request for retransmission) 
("nak" is an abbreviation of "negative acknowledgment") 

2. x is a packet 

3. s is a number associated with the frame 

4. r is a number associated with the last received undistorted packet. 

If a type of a frame is ack or nak, then second and third components of
this frame are fictitious.

To build a frame, the encoding function φ is used.

To extract the components from the frames, the functions kind, info, seq
and ack are used. These functions have the following properties:

kind(φ(k, x, s, r)) = k
info(φ(k, x, s, r)) = x
seq(φ(k, x, s, r)) = s
ack(φ(k, x, s, r)) = r

The process describing the behavior of a sending/receiving agent has the
following variables.

1. Arrays x[m] and y[m], designed to accommodate the sending window 
and the receiving window, respectively. 

2. Variables enable, b, s, w, having 

• the same sets of values, and 

• the same meaning 

as they have in the previous protocol. 

3. Variables r, u, values of which

• belong to $Z_n$, and

• are equal to lower and upper bounds respectively of the receiving
window.

If there is a packet in the receiving window, a number of which is equal
to the lower boundary of the receiving window (i.e. r), then the agent

• transmits this packet to his NA, and

• increases by 1 (modulo n) values of r and u.

4. Boolean array 

arrived[m] 

whose components have the following meaning: arrived[i] = 1 if and
only if an i-th component of the receiving window contains a packet
which is not yet transmitted to the NA.

5. Boolean variable no_nak, which is used with the following purpose.
If the agent receives

• a distorted frame, or

• a frame, which has a number different from the lower boundary
of the receiving window (i.e. r)

then he sends to his colleague a request for retransmission of a frame
whose number is r.

This request is called a Negative Acknowledgement (NAK).

The boolean variable no_nak is used to avoid multiple requests for a
retransmission of the same frame: this variable is set to 1, if NAK for
a frame with the number r has not yet been sent.

When a sending/receiving agent gets an undistorted frame f of the type
data, it performs the following actions.

• If the number seq(f) falls into the receiving window, i.e. the following
statement holds:

between(r, seq(f), u)

where the predicate symbol between has the same meaning as in the
previous protocol (see (9.24)), then the agent

— extracts a packet from this frame, and

— puts the packet in its receiving window.

• If the condition from the previous item is not satisfied (i.e. the
number seq(f) of the frame f does not fall into the receiving window)
then

— a packet in this frame is ignored, and

— only the component ack(f) of this frame is taken into account.

The following timers are used by the sending/receiving agent.

1. An array of m timers, whose behavior is described by the process
Timers (see (9.23), with n replaced by m).

Each timer from this array is intended to alert the sending/receiving
agent that

• a waiting of a confirmation of a packet from the sending window
with the corresponding number is over, and

• it is necessary to send a frame with this packet again

2. Additional timer, whose behavior is described by the following process: 



This timer is used with the following purpose. 

A sending by an agent of confirmations of frames received from another 
agent can be done as follows: the confirmation is sent 

(a) as a part of a data frame, or 

(b) as a special frame of the type ack. 

When the agent should send a confirmation conf, he 

• starts the auxiliary timer (i.e. executes the action start jack -timer !), 

• if the agent has received a new packet from his NA before a re- 
ceiving of the signal timeout from the auxiliary timer, then the 
agent 

— builds a frame of the type data, with consists of 

* this packet, and 

* the confirmation conf as the component ack 

- sends this frame to the colleague 

• if after an expiration of the auxiliary timer (i.e., after receiving the 
signal ackdimeout) the agent has not yet received a new packet 
from his NA, then he sends the confirmation conf by a separate 
frame of the type ack. 



Init = (t = 0) 



(t = l) 




start jack -timer ? 
t := 1 



ackJtimeout ! 
t := 
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The description of the process, representing the behavior of an agent of 
the protocol, we give in a flowchart form, which easily can be transformed to 
a flowchart. 

In this description we use the following notations and agreements. 

1. If % is an integer, then the notation i%m denotes a remainder of the 
division of i on m. 

2. If 

• mass is a name of an array of m components (i.e. x, y, arrived, 
etc.) and 

• i is an integer 

then the notation mass[i] denotes the element mass[i%m]. 

3. A notation of the form send(kind, i) is the abbreviation of the following 
group of operators: 

send(kind, i) 

C ! φ(kind, x[i], i, r -_n 1) 
if (kind = nak) then no_nak := 
if (kind = data) then start ! (i%m) 
stop_ack_timer ! 



4. The notation between(a, b, c) has the same meaning as in the previous 
protocol. 

5. If any oval contains several formulas, then we assume that these 
formulas are connected by the conjunction (∧). 

6. In order to save space, some expressions of the form 

f(e_1, ..., e_n) 

are written in two lines (f in the first line, and the list (e_1, ..., e_n) in 
the second line). 

The process which represents a behavior of an agent of this protocol, has 
the following form: 

start 

enable = 1 
w, b, s, r = 
u = m = n/2 
no_nak = 1 
arrived = (0 . . . 0) 

[enable = 1 

In ? x[s] 
send(data, s) 
s := s +_n 1 
w := w + 1 

timeout ? i 
send(data, i) 

ack_timeout ? 
send(ack, 0) 

frame processing 


The fragment frame processing in this diagram has the following form. 

seq(f) ≠ r 
no_nak = 1 

send(nak, 0) 
start_ack_timer ! 

between(r, seq(f), u) 
arrived[seq(f)] 

+ 

kind(f) = nak 
between(b, ack(f) + 1, s) 

between(b, ack(f), s) 

arrived[seq(f)] := 1 
y[seq(f)] := info(f) 

arrived[r] = 1 

+ 

Out ! y[r] 
no_nak := 1 
arrived[r] := 
r := r +_n 1 
u := u +_n 1 
start_ack_timer ! 



The reader is requested 

• to define a process "channel" for this protocol 

(the channel contains an ordered sequence of frames, which may be 
distorted and may disappear) 

• to define a specification Spec of this protocol, and 

• to prove that the protocol meets the specification Spec. 

Chapter 10 

History and overview of the 
current state of the art 

Theory of processes combines several research areas, each of which reflects a 
certain approach to modeling and analysis of processes. Below we consider 
the largest of these directions. 

10.1 Robin Milner 

The largest contribution to the theory of processes was made by the 
outstanding English mathematician and computer scientist Robin Milner 
(see p] - [5]). He was born on 13 January 1934 near Plymouth, in the family 
of a military officer, and died on 20 March 2010 in Cambridge. 

Since 1995 Robin Milner worked as a professor of computer science at the 
University of Cambridge (http://www.cam.ac.uk). From January 1996 to 
October 1999 Milner served as the head of the Computer Lab at the 
University of Cambridge. 

In 1971-1973, Milner worked in the Laboratory of Artificial Intelligence 
at Stanford University. From 1973 to 1995 he worked at Computer Science 
Department of University of Edinburgh (Scotland), where in 1986 he founded 
the Laboratory for Foundation of Computer Science. 

From 1971 until 1980, when he worked at Stanford and then in Edinburgh, 
he carried out research in the area of automated reasoning. Together with 
colleagues he developed a Logic for Computable Functions (LCF), which 

• is a generalization of D. Scott's approach to the concept of 
computability, and 

• is designed for automation of formal reasoning. 

This work formed the basis for applied systems developed under the 
leadership of Milner. 

In 1975-1990 Milner led the team which developed Standard ML (ML 
is an abbreviation of "Meta-language"). ML is a programming language 
widely used in industry and education. The semantics of this language has 
been fully formalized. Standard ML was the first language in which an 
algorithm for inference of polymorphic types was implemented. The main 
advantages of Standard ML are 

• the ability to operate with logical proofs, and 

• means of automating the construction of logical proofs. 

Around 1980 Milner developed his main scientific contribution - a 
Calculus of Communicating Systems (CCS, see section 10.2). CCS is one of 
the first algebraic calculi for an analysis of parallel processes. 

In late 1980, together with two colleagues he developed a π-calculus, 
which is the main model of the behavior of mobile interactive systems. 

In 1988, Milner was elected a Fellow of the Royal Society. In 1991 he was 
awarded the A. M. Turing Award - the highest award in the area of Computer 
Science. 

Milner himself defined the main objective of his scientific activity as 
building a theory unifying the concept of a computation with the concept 
of an interaction. 

10.2 A Calculus of Communicating Systems 
(CCS) 

A Calculus of Communicating Systems (CCS) was first published in 1980 in 
Milner's book [89]. The standard textbook on CCS is [92]. 

The book [89] presents the results of Milner's research during the period 
from 1973 to 1980. 

Milner's main works on models of parallel processes written in this 
period are: 

• papers [51], [55], where Milner explores the denotational semantics of 
parallel processes 

• papers [83], [88], where, in particular, the concept of a flow graph 
with synchronized ports is introduced 

• papers [86], [87], in which the modern CCS appeared. 

The model of interaction of parallel processes, which is used in CCS, 

• is based on the concept of message passing, and 

• was taken from the work of Hoare [71]. 

In the paper [66] 

• strong and observational equivalences are studied, and 

• the Hennessy-Milner logic is introduced. 

The concepts introduced in CCS were developed in other approaches, the 
most important of which are 

• the π-calculus ([53], [97], [94]), and 

• structural operational semantics (SOS); this approach was established 
by G. Plotkin and published in the paper [104]. 

More detailed historical information about CCS can be found in [15]. 

10.3 Theory of communicating sequential 
processes (CSP) 

Theory of Communicating Sequential Processes (CSP) was developed by the 
English mathematician and computer scientist Tony Hoare (C.A.R. Hoare) 
(b. 1934). This theory arose in 1976 and was published in [71]. A more 
complete summary of CSP is contained in the book [73]. 

CSP investigates a model of communication of parallel processes based on 
the concept of message passing. It considers synchronous interaction 
between processes. 

One of the key concepts of CSP is the concept of a guarded command, 
which is borrowed from Dijkstra's work [52]. 

In [72] a model of CSP based on the theory of traces is considered. 
The main disadvantage of this model is the lack of methods for studying 
the deadlock property. This disadvantage is eliminated in another model 
of CSP (the failure model), introduced in [35]. 

10.4 Algebra of communicating processes (ACP) 

In 1982 Jan Bergstra and Jan Willem Klop introduced in [37] the term 
"process algebra" for the first order theory with equality, in which the 
object variables take values in the set of processes. They then developed 
approaches that led to the creation of a new direction in the theory of 
processes - the Algebra of Communicating Processes (ACP), which is 
presented in the papers [39], [H], [31]. 

The main object of study in ACP is logical theories whose function 
symbols correspond to operations on processes (a., +, etc.). 

A comparative analysis of different points of view on the concept 
of a process algebra can be found in [19]. 

10.5 Process Algebras 

The term process algebra (PA), introduced by Bergstra and Klop, is used 
now in two meanings. 

• In the first meaning, the term refers to an arbitrary theory of first 
order with equality, the domain of interpretation of which is a set of 
processes. 

• In the second meaning, the term denotes a large class of directions, each 
of which is an algebraic theory, which describes properties of processes. 

In this meaning, the term is used, for example, in the title of the book 
"Handbook of Process Algebra" [12]. 

Below we list the most important directions related to PA in both mean- 
ings of this term. 

1. Handbook of PA [12]. 

2. Summary of the main results in the PA: 

3. Historical overviews: [27], [28], [15]. 

4. Different approaches related to the concept of an equivalence of 
processes: [M], [59], [57], [58], [56]. 

5. PA with the semantics of partial orders: [44]. 

6. PA with recursion: [HI], [47]. 

7. SOS-model for the PA: [21], [38]. 

8. Algebraic methods of verification: [63]. 

9. PA with data (actions and processes are parameterized by elements of 
the data set) 

• PA with data μCRL 

• [62] (there is a software tool for verification based on the 
presented approach). 

• PSF [79] (there is a software tool). 

• Language of formal specifications LOTOS 

10. PA with time (actions and processes are parameterized by times) 

• PA with time based on CCS: [III], [99]. 

• PA with time based on CSP: [TUTJ. Textbook: [109]. 

• PA with time on the base of ACP: [29]. 

• Integration of discrete and dense time relative and absolute time: 

• Theory ATP: [100]. 

• Account of time in a bisimulation: [33]. 

• Software tool UPPAAL [7J] 

• Software tool KRONOS [116] (timed automata). 

• μCRL with time: [111] (equational reasonings). 

11. Probabilistic PA (actions and processes are parameterized by 
probabilities). 

These PAs are intended for combined research of systems, in which 
verification and performance analysis are carried out simultaneously. 

• Pioneering work: [64]. 

• Probabilistic PA, based on CSP: [76] 

• Probabilistic PA, based on CCS: [63] 

• Probabilistic PA, based on ACP: [51]. 

• PA TIPP (and the associated software tool): [6T?]. 

• PA EMPA: [13]. 

• In the works [21] and [25] simultaneous use of conventional and 
probabilistic alternative composition of processes is considered. 

• In the paper [51] the concept of an approximation of probabilistic 
processes is considered. 

12. Software related to PAs 

• Concurrency Workbench [98] (PAs similar to CCS). 

• CWB-NC [mj. 

• CADP [M]. 

• CSP: FDR http://www.fsel.com/ 

10.6 Mobile Processes 

Mobile processes describe a behavior of distributed systems, which may 
change 

• a configuration of connections between their components, and 

• structure of these components 

during their functioning. 
Main sources: 

1. the π-calculus (Milner and others): 

• the old handbook: [53]. 

• standard reference: [57]. 

• textbooks: [93], jg], [10], 

• page on Wikipedia: [TJ] 

• implementation of the π-calculus on a distributed computer 
system: [ITS]. 

• application of the π-calculus to modeling and verification of 
security protocols: [12]. 

2. The ambient calculus: [48]. 

3. Action calculus (Milner): [93] 

4. Bigraphs: |S5], jSSJ- 

5. Review of the literature on mobile processes: [11]. 

6. Software tool: Mobility Workbench [112]. 

7. Site www.cs.auc.dk/mobility 

Other sources: 

• R. Milner's lecture "Computing in Space" [6], which he gave at the 
opening of the building named after B. Gates, built for the Computer Lab 
of Cambridge University, May 1, 2002. 

In the lecture the concepts of an "ambient" and a "bigraph" are 
introduced. 

• R. Milner's lecture "Turing, Computing and Communication" [TJ. 

10.7 Hybrid Systems 

A hybrid system is a system, in which 

• values of some variables change discretely, and 

• values of other variables are changed continuously. 






The behavior of such systems is modeled using differential 
and algebraic equations. 
The main approaches: 

• Hybrid Process Algebras: [H], [3S], [115]. 

• Hybrid automata: [22] [77]. 

The software tool HyTech [68] was developed for simulation and 
verification of hybrid systems. 

10.8 Other mathematical theories and software 
tools, associated with a modeling 
and an analysis of processes 

1. Page in Wikipedia on the theory of processes [13]. 

2. Theory of Petri nets [103] . 

3. Theory of partial orders [80] . 

4. Temporal logic and model checking [106], [118]. 

5. Theory of traces [108]. 

6. Calculus of invariants [23]. 

7. Metric approach (which studies the concept of a distance between pro- 
cesses): [35], [36] . 

8. sees gag. 

9. CIRCAL [H2]. 

10. MEIJE [25]. 

11. Process algebra of Hennessy [65] . 

12. Models of processes with infinite sets of states: [119], [120], [121], [122]. 

13. Synchronous interacting machines: [123], [124], [125]. 

14. Asynchronous interacting extended machines: [126] - [130]. 

15. Formal languages SDL [131], Estelle [T52] . LOTOS [155] . 

16. The formalism of Statecharts, introduced by D. Harel [134], [135] and 
used in the design of the language UML. 

17. A model of communicating extended timed automata CETA [136] - 

cam- 

18. A Calculus of Broadcasting Systems [17], [IS] . 

10.9 Business Processes 

1. BPEL (Business process execution language) [141]. 

2. BPML (Business Process Modeling Language) [16], [142]. 

3. The article "Does Better Math Lead to Better Business Processes?" 

4. The web-page "π-calculus and Business Process Management" [144]. 

5. The paper "Workflow is just a π-process", Howard Smith and Peter 
Fingar, October 2003 [145]. 

6. "Third wave" in the modeling of business processes: [146], [147]. 

7. The paper "Composition of executable business process models by com- 
bining business rules and process flows" [148] . 

8. Web services choreography description language [149]. 